In fairness, Linux GUI toolkits suck a lot. I was a professional Qt developer in a past life and while it stands head and shoulders above GTK, that’s really not saying much.
I’ve often thought about making my own toolkit, but there’s so much that we forget about from things like focus to accessibility to text layout and rendering (much text has been rendered on why text rendering sucks). My hope is that Rust breathes new life into native (as opposed to electron) cross-platform GUIs, and indeed there are some interesting efforts underway.
Yup. Many people including myself are waiting for a viable Electron alternative to emerge, but until then Electron is leagues ahead of the rest. React Native is a missed opportunity for true cross-platform UI, but they chose not to support Linux. I'm keeping an eye on Tauri [1].
Oh, I hadn't heard the news about Canonical, that's neat! Last I checked desktop support for Flutter was unstable and I got the impression from the docs that mobile is the main priority. Maybe it's worth another look.
I meant "they suck for developers", not necessarily for users. I'd rather not get into details because the topic tends to invite flame from some C and especially C++ developers and I don't have the energy for that this morning.
Personally I prefer building GUIs in a scripting language like JavaScript over a compiled language like C and C++, GUIs changes a lot and needs to be tweaked in another way than system code does, so it is understandable to pick Electron, even though I loath the result.
The Qt approach with QML + JavaScript with a C++ backend worked in that regard quite well, expose low level system calls from C++ and call it from JavaScript, but QML had other issues.
And funny thing is that if you do JavaScript you can't escape that build step anyway when you use TypeScript, but there is hot reload at least.
One problem is that many GUI toolkits are not adopted for being consumed from a scripting language, bindings become complex and then needs to be constantly maintained.
I'm experimentering with the IUP GUI toolkit, a very well written toolkit in C. Designed from the beginning to able to be consumed by a scripting language, in this case Lua. So it doesn't rely on weird macros or overcomplicated structs, you work with opaque handles, this makes it easy to be called from any language that has FFI support, which makes bindings even easier. Unfortunately no MacOS support for IUP.
Yeah, I think I completely agree with this. Nominally GTK (and I think Qt?) is designed with scripting language support in mind. They export a bunch of XML that can be used to generate bindings in other languages, but said XML is miserably documented and in practice it's basically impossible to leverage it (I recall various attempts at generating Go bindings and all ended in failure--it became apparent that it was easier to manually maintain bindings rather than generating them from said XML).
Perhaps rather than "bindings" you're thinking something like GTK and Qt's JavaScript integrations (embedded scripting languages vs bindings)? These are bummers in that they use some home-grown JS interpreter implementations which don't implement any standard version of JS (or at least not a very recent standard) and it's very confusing what is and isn't supported, and IIRC the docs aren't great here either.
I guess there are two different kinds of bindings.
1) Scripting language is still the driver of the application, it uses "bindings" against a GUI library to implement the application. This is the one I'm most interested in. And if you need low level stuff, you implement that as dll/so library and uses that from you scripting language.
What usually happens is that you need to read the GUI library C or C++ code and examples to understand it, because the bindings documentation is not enough, and then translate that to your scripting language, can become a bit tedious with trial and error if it not obvious how to do it.
XML as descriptive source sounds good in theory, that is why I'm somewhat intrigued by how Microsoft has done it the past with COM and now how they have expanded that with WinRT where you can implement language projections that can handle cross language types (projected types?) so you can get a natural interface in the language you are working in. But I'm not a .NET developer.
I think I looked at Go-Qt binding but if I remember correctly it was alpha and had problems. Python-Qt exist but I don't know much about it. Read somewhere that I was just easier to use C++ directly, less hassle, don't know if that is true.
Vala looks like a nice solution if you want to go full GTK. Problem with GTK is that it is not truly cross platform, Gnome team does not prioritize other platforms as Qt does. And GTK breaks existing functionality too, even between minor versions (still true?).
That is why I started too look at IUP, IUP uses GTK on Linux, but win32 on Windows.
Tried to do a C++20 project with IUP, but gave up, even with all the new fancy stuff for C++ it is still awful, better yes, but same old problems are mostly there. When you are writing a GUI code you don't really care if your string is a const ref or pointer or what not, you spend the time on all the wrong things and C++ invites to think and micro optimize all those decisions(use or not use auto in for loop? how to write to best constructor? Optimal initializer?). Then before you know it you binge watch C++ talks with Nicolai Josuttis and have difficult sleeping at night. And if you go heavy into smart pointers, why not just use a GC:ed language to begin with? Qt solves that well with QString, QList etct, doesn't matter if pass by value or not, but then you need to handle qmake. I'm tired of awful build systems, they are everywhere, still scarred for life by cmake and when I tried CLion. Now I do things over FFI instead, sleeps much better.
2) Scripting language has "bindings" to a GUI application/framework, more of a plugin system. Gnome is a good example there, but as you say, different JavaScript engines between these "bindings", and for Gnome, poorly documented.
I think for Gnome and other desktops that uses this technique, it is in the right direction, but the quality of the plugins I have used is most of the time poor, memory leaks etc, you end up using just use the approved ones if you don't like to restart your desktop once a day. If that is because of poor bindings or poor plugin implementations I don't know.
> What usually happens is that you need to read the GUI library C or C++ code and examples to understand it, because the bindings documentation is not enough, and then translate that to your scripting language, can become a bit tedious with trial and error if it not obvious how to do it.
Yes, this is very true.
> XML as descriptive source sounds good in theory,
Agreed, and it could probably work in practice with enough investment (ideally forego XML altogether in favor of a markup language that isn't hostile to humans and machines, document the schema thoroughly, provide reference implementations, etc).
> I think I looked at Go-Qt binding but if I remember correctly it was alpha and had problems. Python-Qt exist but I don't know much about it. Read somewhere that I was just easier to use C++ directly, less hassle, don't know if that is true.
Yeah, the Go-Qt binding was just incomplete. There was a Go/QML project early on, but I don't think it allowed for data to flow both directions, which seriously limited its utility and then it just kind of faded into obscurity. Pyqt (there was a competing Python/Qt binding as well, but I forget what it was) was okay, but again it didn't have very good documentation and it would still segfault all the time. One or both of the Python/Qt bindings were also poorly supported.
> Vala looks like a nice solution if you want to go full GTK.
I tried this as well, but it's a thin veneer over GObject and still has many of the same problems. It also lacks any kind of build tooling or package management, and again, it's not adequately invested in and the documentation is poor (or this was the case when I last tried it).
> I think for Gnome and other desktops that uses this technique, it is in the right direction, but the quality of the plugins I have used is most of the time poor, memory leaks etc, you end up using just use the approved ones if you don't like to restart your desktop once a day. If that is because of poor bindings or poor plugin implementations I don't know.
There's always tk if you prefer using a scripting language. Most scripting languages have bindings for it and at least with python it's the official toolkit for the language.
Isn't Libhandy (the library used for making mobile linux applications for the Pinephone & Librem 5) GTK based? I assume that would help tremendously with popularity as well
I think it's mostly that Rust has a lot of energy behind it while and it attracts people who tend to be very capable and interested. Notably, [druid][0] and related projects are being worked on by [Raph Levien][1] who, well, I'll just quote his HN bio:
> I do research on fundamental UI technology and 2D graphics, with a focus on Rust and fonts. Currently on the Google Fonts team.
Rust also addresses many of my grievances with GTK and C++, notably the need to bolt on (although "bolt on" seems to imply less fragility than is the case) language features to give a higher level facade or otherwise deal with the deeply impoverished C and C++ build tools. Related to the previous point, Rust makes it much easier to bring in a dependency and write tests. Similarly, Rust benefits from a long tail of minor tooling improvements including documentation generation and hosting to text editor integration (Qt ships their own IDE which is of decent quality, but you have to go all-in on it; you don't get to use the plugins, keybindings, etc that you know and love from vscode / vim / emacs /etc and even then IIRC it only knows about things in the Qt project but not necessarily third party libraries--although with enough blood, sweat, and tears you can probably cobble together something based on clang metadata).
I'm not entirely sure this answers your question, but one of our founders, Dave, wrote a post that may give some context: https://dteare.medium.com/behind-the-scenes-of-1password-for...
If that doesn't address your concerns please feel free to reach out to us at support+linux@1password.com — we'd love to chat. - Ben, 1Password
I don't think it's anything to do with toolkits, and everything to do with packaging and ABI issues.
You can't distribute a commercial, binary app for 'Linux' easily unless you statically link everything (which you cannot do with Qt without breaking the license) and compile on something ancient.
Even using something like Qt, writing a C++ GUI app for the 3 major platforms (macOS, Windows and Linux) is about 10x more work than getting something like Electron working and distributed.
> Even using something like Qt, writing a C++ GUI app for the 3 major platforms (macOS, Windows and Linux) is about 10x more work than getting something like Electron working and distributed.
In my case, I did most of my development for an embedded target, which meant my org shipped the entire OS and therefore we only had to worry about the packages we were shipping. Packaging wasn't much of a problem in that context, but it was still many times more effort than an Electron app--my issues tended to be related to tooling and language.
I think it's just marketing. The devs where I work started promoting everything that isn't a web page as "native", and web pages that don't have external dependencies as "static", even though they are still dynamic apps loaded with javascript.
The issue is that we call pure web apps "apps" too now, so it can be hard to differentiate. We just released desktop clients (electron) for our platform, and native was a term I didn't want to use but it is quite helpful to distinguish the two.
"Native" doesn't mean anything. Everything is native; I mean, at some point, its making syscalls and running bytecode on the processor, its not running in a Virtual Machine, that seems pretty "native". Or, nothing is native; it runs through an interpreter, or fifty thousand layers of UI library abstraction, or whatever. Websites definitely aren't native, right, electron... isn't... Windows WPF apps, classic native, jeeze they're horrible to use though, but UWP, also native, but, I can write them in HTML and JS? Weird.
There's no logically correct definition of "native" which is also useful. Its just a buzzword that a few otherwise smart people use to mean "its fast". Every single stack out there can be engineered to be slow; some stacks cannot ever be engineered to be fast; Electron is not one of them.
What is a fast Electron app? Visual Studio Code is praised the most by far. And even it's slow compared to alternatives like Sublime Text.
Native is short for native code or native UI depending on context. Native code means AOT compiled. Native UI means it uses one of the platform's conventional UI frameworks. You can have native UI without native code.
Classic Windows apps are great compared to most alternatives.
It is sad, running Firefox as a browser, Slack, Teams and 1password as 3 more browsers... Oh I forgot Postman! What are other "apps" common among developers built on the Electron?
I'm actually surprised by that, I've been using the beta on my Linux machines and never noticed anything that would suggest it was electron. No performance issues, weird UI, etc. I actually prefer it to the MacOS/Windows native clients.
> We believe that native apps with deep integration create a better experience, so 1Password for Linux will feel right at home on your desktop, whichever flavor of Linux you choose.
> Out of the box, you’ll find:
Automatic Dark Mode selection based on your GTK theme
Open network locations (FTP, SSH, SMB)
Integration with GNOME, KDE, and your favorite window manager
System tray icon support for staying unlocked while closed
They used to have a paid tier where you just pay for the software outright and use it offline. They have been making it harder and harder to find every release, so it may not exist anymore.
If history is any indicator, they will say it’s not subscription only while simultaneously leaving all the docs and kb articles on their website in a state that makes it sound like it’s subscription only. They don’t really want non-subscription customers, but they don’t want to say that outright. This has been clear for years and is the reason I’ve given up despite thinking their (non-subscription) product is worth the money. It just feels like they are always on the verge of dropping support for it.
According to this forum post I just found[1], they are "no longer advertising" the non-subscription mode, and they apparently will not directly answer questions about whether it's still sold:
>> "We're no longer advertising standalone licenses"
Does that mean "We're no longer offering standalone licenses"?
> Membership [aka subscription-based] is the way forward with 1Password.
It's really disappointing that their communication is so transparently evasive on this point.
We continue to sell licenses for each 1Password 7 for Mac and 1Password 7 for Windows. These licenses are available within the app when downloaded from our website. We would strongly recommend 1Password membership as that is going to provide the best experience, but if you’d prefer a license for one or both of those products they are for sale.
We recommend memberships as they address a number of requests our customers had that we were unable to accommodate without connecting to a server to perform the heavy lifting, such as 2FA, sharing, etc. It also significantly simplifies the purchasing experience: a subscription includes access to the latest versions of all the 1Password apps. You can read more here: https://support.1password.com/explore/membership/
- Ben, 1Password
As a standalone license customer for almost 10 years now, the constant responses like this and the deliberate non-answers on the forums really make me wonder how long I will continue to use 1password. I love 1password but I will not put my passwords in someone else's cloud.
It's honestly pretty insulting that every time this comes up, someone from 1password pops in to talk down to your customers and push subscriptions.
I understand the business reasons of why you want subscription revenue, but pretending that you're pushing subscriptions for the good of your customer is just so transparently false. It's good for your bottom line, just own it.
> We would strongly recommend 1Password membership as that is going to provide the best experience
is maddening. Do you guys really think we all just don't know what is going to provide the best experience? Because what will provide me the best experience is keeping it simple, not taking on an online dependency, and keep putting out standalone updates and platform ports, which I'd gladly pay for.
The condescension, evasiveness and dishonesty is just sad.
The writing is on the wall. Licenses are out and subscriptions are in. Make of it what you will. Don't get upset with the person doing their job and towing the company line.
I'm sorry it comes off that way. We don't mean any disrespect in the slightest. Your support over all these years means the world to us and we know darn well we wouldn't be here today without awesome customers like you. <3
I left a comment just above yours that I invite you to read. I don't want to repeat it in its entirety here but suffice it to say we're excited about our hosted solution and yes we can find ourselves shouting from the rooftops about it. Kinda like newlyweds I suppose. :)
Ok, so go back through your forums and threads like these and read all the "how do I get standalone" questions throughout the last 5-6 years and tell me honestly that the awkward non-answers are just you guys being excited about your hosted solution. It's evasive. I'd feel a lot more mutual respect if you'd drop the charade and just say "yeah, you guys aren't really our primary use case anymore and we're not really planning to support you. Sorry." Making us read between the lines while you play coy games like saying "well, it's not advertised, but it kinda works on some platforms" is insulting.
I can certainly understand and appreciate your point of view. You are free to disagree with mine and I am sorry that it might come off the condescending, it is certainly not what any of us want to convey.
However, we are also 1Password users and we build the product for ourselves. We are supporting millions of customers, several thousand support emails and tickets every day. And I am honest, the membership provides much better experience compared to standalone disjoined apps, manual syncing and lack of account recovery. The list of differences and improvements is huge. It certainly makes me sad when people think that it is only about sync.
My honest advice is to just make a clear statement that you're dropping standalone mode and do it. People with licenses can continue using their non-upgradeable versions as long as they want but they're not getting any more updates. That would be a lot less dishonest than pretending it's supported-ish and just hiding it deeper and deeper on every release.
Thank you for supporting us all these years! We wouldn't be here without awesome customers like you. <3
As a long time user I bet you remember when we needed to write posts like Two Factor or not Two Factor[1].
> One and a Half Factors?
Good times. :) Thankfully with our own service we are now able to provide real 2FA as our server is able to enforce it. Same with family sharing, team environments, automated backups, item history, account recovery that only your family organizers/team admins can perform, along with simple invites and easier device setup.
And it's not just new features but we can make existing ones better. You probably have seen your fair share of Conflict Resolution windows and weird sync issues over the last 10 years. Sync is a hard thing to get right and being able to rely on a server to give specific responses in specific situations has enabled us to provide a much better experience than we ever could with a generic file service.
The reality is 1Password is better than it ever has been as a direct result of allowing our developers to work their magic on both sides of the network connections. Server and client.
It's a bit dated now but I wrote From a Happy 1Password Maker[2] back in 2017 that highlights a lot of things we love about memberships. In it I explain why I'll continue to non-apologetically nudge everyone towards 1Password Memberships.
For what it's worth, not a single one of those entries in the "no more" list appeals to me in any way. I've never complained that I lost my master password, or that the license didn't work on multiple platforms, or that I accidentally deleted my files. I don't feel the need for 2FA because -- and this is a big deal to me -- my password database isn't online. I know how to do backups. It's simple and self-contained. I can use it at work where policy prohibits online password management. I don't have to worry that I'm getting continuous "new features" updates that are going to change my working environment outside of my control (I can still roll back to v6.0 if I want). I don't like external dependencies. This is a much, much greater concern to me than the "niceties" you mention that literally bring me no value. So please, stop acting like you know better than your users. You may have the 90% case nailed but you're just pissing the rest of us off with your attitude.
The problem here is how many services have been moving to forced 2FA lately (presumably because their users keep getting their re-used passwords leaked).
I'd move to 1Password (from KeePass) just to deal with these obnoxious 2FA requirements - except many of them, adding insult to injury, are SMS-only. (Feature idea for 1Password? Assign me a phone number that will automatically consume SMS 2FA codes and type them into browsers for me?)
Oh, I regularly use 2FA on individual sites. I just don't see the point of using 2FA to access passwords for sites which, if important, have 2FA enabled themselves. 4FA?
Yes, 1Password for Linux requires a 1Password membership. You can subscribe to any of our individual, family, or team accounts yourself, or if your company subscribes to 1Password Business you'll get your own family account for free.
Regardless of how you subscribe you'll always have access to your data as each client has a local cache for offline use and your account remains active even in the event your subscription lapses.
If you have any questions or feedback please feel free to reach out to us directly at support+linux@1password.com
- Ben, 1Password
Have used 1Password before they had a client on linux and I have to say: I'm very relived now that I can now authenticate with my system keyring and not by entering my master password into a browser extension.
(also much more convenient, can even use my fingerprint reader, if I wanted. On Linux!)
Thanks for the kind words! Glad to hear it is working out. We have beta support for mutual unlock of the Linux app and browser extension so you can unlock in the browser using your fingerprint. You can check it out here: https://1password.community/discussion/120745/a-better-way-t...
- Ben, 1Password
Just a warning for people who don't know the parent is referring to the extension formerly called 1Password X (now just 1Password in the browser because AgileBits wants you to use that one) which puts ALL OF YOUR PASSWORDS into your browser's memory.
This is an interesting concern, and you've pasted this identical comment at least three times in this thread. Could you elaborate or link to somewhere that explains this in detail?
> They do not say that they do not decrypt your entire vault into browser memory, because they do.
I am sorry but this is just wrong. I have close to 6,000 items in my 1Password across family and business accounts. Loading everything into memory all the time would be ridiculous.
I agree, but I was under the impression that the vaults were encrypted as a whole, but according to the security white paper that changed at some point. So you can decrypt individual passwords. So I’m happy and am in the process of correcting my comments. Sorry.
The extension is using IndexedDB to store the passwords and other items. A lot of work went into making sure the extension uses as little memory as possible.
This statement by me was incorrect and based on the belief that they still encrypted vaults as a whole, but they’ve moved on to encrypting individual passwords so they can be decrypted individually and my whole concern was unfounded. I can’t edit that comment anymore, probably took too long. But it is wrong.
We at saas pass authenticator and password manager solved the linux support by building a comprehensive browser extension application that does not require a desktop app at all. It is a different approach eliminating the need for a local client. All the major browsers on Linux are supported including chromium.
Sure, but a browser extension cannot handle anything outside the browser. Which for many is fine, but there are still plenty of individuals who need that outside the of the browser.
Pretty much all password managers I've used have had this. I see having to copy and paste more as a workaround for a missing desktop client rather than a solution.
What a scam. All this hype and it is another Electron app. Windows and Mac versions are native and yet Linux gets a version that uses 'Electron'. Yuck.
Fortunately, to give us the illusion that it is 'fast' they need to mention that it uses 'Rust'. And?
How does calling 'native integration features' make it 'native'?.
If the whole app is running in a 'browser' (which is exactly what Electron apps do) it is not a native app. 1Password 7 on my Mac is a native app.
> What are you looking for in non electron apps that is missing in this version of app?
In general. That fact that I don't need to upgrade the RAM of my computer to run multiple apps at the same time. I can do that with native apps perfectly but not with downloading and using tons of Electron apps. Has to be close one app and open another or else the computer grinds to a halt.
Adding one more Electron app to the mix (Regardless of using 'Rust') makes it a step closer to running my computer to the ground.
Hi rvz! Are you having performance issues with 1Password for Linux? I understand some folks are just anti-Electron based on what other vendors are putting out there, but the app has been quite responsive for me. Please feel free to reach out to us at support+linux@1password.com if you're experiencing any sort of sluggishness and we'll be happy to help. Thanks!
- Ben, 1Password
I've just switched to KeePassXC from bitwarden in the last month, and the experience has been pretty bad. My main complaint is that KeepassXC-browser can't recognize maybe 30-50% of login fields, and the autotype shortcuts seem to be broken in Firefox. Maybe I can switch to 1Password.
I've had the beta installed a long time but it stopped working a week or two ago. Perhaps I need to reinstall or something now that the main version is live?
I think something was borked in the config/sqlite db a few updates ago when the 'native' auth parts were added. I was bitten with the same bug. Nuking the `.config/1Password` directory and re-adding my account seemed to work. Not a great solution, but it's worked fine since.
Really sorry to hear about that. You may've missed a database migration during the beta period. Please reach out to us and we'll be happy to help. support+linux@1password.com
- Ben, 1Password
Were you able to update to 8.0.34? We recently moved the deb and rpm repositories to prepare for this release. Installing the deb or rpm from https://1password.com/downloads/linux/ should setup the correct repo for future updates.
If you have 8.0.34, and still can't log-in you may be experiencing the issue yabones described. support@1password.com can provide you with more hands-on help.
Do you have any 2FA setup? My work uses Duo 2FA with 1Password and I had to kick my Duo account into bypass mode to log in. I opened a support ticket with 1Password and they said it is a known issue with Duo + 1Password.
I'm a big fan of 1Password. I've been paying for it for years. A few years ago I got my partner setup in a few minutes and now they have strong passwords everywhere. Its got great features for sharing vaults with other people so I've got password managers setup for the kids too. My partner and I both have personal vaults, we have a shared vault for financial stuff, and a shared vault for our media accounts (that we share with the kids too)
I get that people bristle about SaaS subscriptions in their personal life but the $60/year it costs is well worth it. The research shows that strong passwords and limiting re-use is extremely effective at preventing account compromises and 1Password makes this dead simple.
The thing that finally made it an incredible app was when Apple finally allowed 3rd party password management in iOS.
Yes there might be better password managers out there and they might have better security. However show me an alternative with a UX that is simple enough for my 6 year old to use, that works on iOS, Android, MacOS, and now Linux.
Since Bitwarden is end-to-end encrypted, the risk isn't who hosts the data but who controls chrome extension and App Store updates. Bitwarden's servers being compromised would cause you no harm except data loss, but a malicious client update could steal all of your passwords.
Bitwarden is awesome. It's my current password manager after I left 1P.
I spent hundreds into 1P before the subscription model, as their apps were expensive and got them on multiple OS and for family members.
Then Dropbox decided (rightfully) that you shouldn't use your public folder to host websites, and 1P told their customers to either get a subscription or lose the online vault which is a critical feature of any password manager. They didn't even have the decency to offer a free year of the subscription to their current paying customers.
It would have cost 1P pennies to just host the vaults on S3, but they decided to force their customers to switch to the subscription model if they wanted to have a feature they had already paid for and 1P had been advertising for years.
You're getting downvoted, but this is all true and shouldn't be discounted. I'm in the process of migrating off 1Password after their shitty behavior of all but forcing people to migrate to the cloud.
I started with 1Password 4 (non-subscription) and considered upgrading to 1Password 7 -- yes, you could buy a non-subscription copy when I checked, although it's increasingly well hidden as an option -- and in addition to Dropbox it may have supported iCloud, not sure about that.
In the end I went with the subscription because I it's bought once for all my devices, and is great for family use, with UX that's easy from children to grandparents. As a bonus, the Dropbox sync issues just stopped - their own sync works much better for me.
I do understand the frustration about subscriptions for everything but I'd like my password manager vendor to remain in good financial health, so I'll happily make an exception and pay regularly for my password manager.
> just host the vaults on S3
That's a fairly niche audience, and it's very easy to misconfigure S3. Product development is about making hard choices, and I'm ok with 1Password choosing not to do this, just as I'm okay with them not supporting WebDAV -- YMMV.
What I do wish is that 1Password would support a few cloud storage options (e.g. Google Drive, OneDrive etc) on mobile so that people who're not inclined to subscribe have an alternative, if only to squelch the inevitable complaints about subscriptions. When 1Password was a smaller company, I can see why one wouldn't want to do that as it'd take away precious dev time, but my understanding is that they have more funding now.
I agree on supporting your vendor, however, I think 1Password is too expensive. That is why I pay for Bitwarden. The difference is 33% less expensive (or 50% more expensive if you look it from the Bitwarden side). I think 3.33 euros per months is about a good valance.
> online vault which is a critical feature of any password manager
I guess by "online" you mean access to your passwords using nothing but a web browser. I can see how that could be a requirement for certain users (e.g. employees permitted to make personal use of a work computer but not install any software) but disagree that that's a critical feature.
I used Dropbox to sync my 1Password vaults (including a shared vault with my spouse) from 2013 but never used the "trick" of publishing it through the public folder before Dropbox dropped that feature in 2017. I continued using Dropbox to sync vaults until last year when I upgraded to 1Password 7 and a family subscription.
> you've probably never lost your phone while traveling.
Yes, like most people, I have not. If I did, on most trips I’ve had a laptop and anything critical would also be in the shared vault on my spouse’s phone.
If I didn’t have any of that, I could install the client on another device to access my vault, if someone would let me; a risk but possibly worthwhile in some critical hypothetical and not really different than using a browser on it (I don’t even know what such a scenario would be, if I was robbed of everything?). Or I could buy a device (even if I was robbed, I could call my parents to pay).
Like OP, I’ve used 1P since the early 2010s. Its approachability (and the fact that I pay for it) finally convinced my family (SO/siblings/parents) to use a password manager. I love the native experience on iOS, and the full desktop version + browser extensions
I remember being frustrated by the Dropbox loss, and I’m
still frustrated that they seem to push 1PasswordX over the native apps. Other than that I’ve only had 3 major gripes:
1) Lack of Linux support
2) Lack of good ssh key management
3) Lack of ability to self host
I’ve been eying BitWarden for awhile-
How was your transition/migration to Bitwarden from 1P?
How does the iOS integration compare to 1P?
Do you self-host?
> I’m still frustrated that they seem to push 1PasswordX over the native apps
This is one of the things that pushed me to choose bitwarden over a 1password families subscription (even though I get the latter for free from my work).
I don't like the idea of credentials living in a browser extension (or even in a browser). I'm not confident in the long-term security of the entire setup, especially with the "evergreen" nature of modern browsers. I don't like telling my less-technical family that this extension is okay, but absolutely don't trust any other extensions.
Interesting! I honestly hadn't seen the perspective that we were pushing 1Password in the browser _over_ the apps. We may need to look at our messaging on that. Personally I think the best experience comes from using both in conjunction, especially with the new mutual unlock feature.
> I don't like telling my less-technical family that this extension is okay, but absolutely don't trust any other extensions.
I do understand this dilemma, but I'm curious how you reconcile that against things like the benefits of filling from the extension avoiding the system clipboard & key loggers, the inherent phishing protection that comes from 1Password only suggesting credentials on sites where the URL matches your items, etc.
Telling folks the 1Password extension is okay and others are not is the approach we take internally.
> I'm curious how you reconcile that against things like the benefits of filling from the extension avoiding the system clipboard & key loggers
I'm mostly punting this to macos. I don't give my kids admin rights on the devices I let them use and in general I think you need a11y access to log keys on mac, granting which requires admin.
AFAIK, modern browsers prevent interaction with the clipboard without user interaction, so using the system clipboard for passwords is not a huge deal. As a mitigation, 1password and other password managers clear the clipboard after a timeout.
On my linux machine, I use a bitwarden CLI in a script that either uses xclip to put the password into the clipboard or xdotool to type it directly. To my understanding, the security model in X is quite a bit worse than that in mac, but I prefer this over using a browser extension.
> the inherent phishing protection that comes from 1Password only suggesting credentials on sites where the URL matches your items
I can't wait for a passwordless world to come. For now, my kids only have credentials on sites that are relatively worthless, and I use U2F on all the sites/services I possibly can that have any value.
On the sites that have value but don't support U2F, I either accept the risk or try to find alternatives. Banks and financial services (I live in the US) are a perennial disappointment here.
I do use the bitwarden app on my iphone, and when you actually go through the password filling feature (instead of just switching to the bitwarden app and searching), it does suggest only those passwords that match the URI you're looking at. I haven't closely examined why I'm okay with this integration but not a browser extension on other platforms, but I am.
I'm happy to hear our export worked well for you. We spent extra effort there to make sure our export format contained enough structured information that it could be imported properly elsewhere. I hate data lock-in and we wanted to make sure you wouldn't be locked into 1Password.
It's slightly shocking how angry people get about companies going from one-time purchase to subscription. Like many software companies, 1Password made a business decision to focus on a subscription product. This strikes me as reasonable and naturally aligned with the customer expectation that this software be supported in perpetuity as OSes and browsers evolve over time. $5/month is not a crazy price to pay for a critical piece of software you use every day—to the contrary I kind of feel like it's the minimum price for a consumer software product to be sustainable. I don't want my password manager to be cutting corners because they can't afford to invest properly in the product.
As far as deprecating the bring-your-own-sync approach, I understand this is legit flexibility that some customers want, and I'm glad there is a competitor that does a good job of it. Personally though, after many years of using 1Password + Dropbox, I must say I've had a lot fewer sync problems since migrating over to 1Password for Families. If I had a broad sync strategy maybe I would feel otherwise, but I don't—to the contrary, I'm moving away from Dropbox because of the shenanigans they are pulling with my OS internals, and maintaining a VPS or even an AWS account with S3 is a significant burden that I don't take lightly. As a product engineer, a single integrated sync is easier to provide guarantees, and prevents a lot of problems caused by third parties with no recourse to debug.
I've been thinking about this a lot about Adobe lately, specifically. I've been getting into video editing as a hobby, and the fact that I could use Premier for $20/month rather than the single time purchase of $800 or whatever it used to be is the difference between me being able to use it or not. And yeah, maybe in 40 months I would be spending more money, but there's no guarantee I wouldn't be spending money to upgrade at that point... and then once I started wanting to add in After Effects, Audition and Photoshop, $60/month for literally every Adobe product compared to what, like, $2400 for those four? And if I use any more things from the suite, it's still the same price. I was talking about this with someone the other day, and was like "Imagine telling 12 year old me that I would own a legal license of Photoshop because of how inexpensive it is."
(I am also a happily paying customer of 1password; I strongly prefer the cloud offering...)
And that's beyond the fact that, in some sense, this aligns the business needs closer to mine. It is easier and in some sense, more fair, for me to pay for the software while I use it, and not when I don't. On the business side, it's nicer too. It pretty much feels like a win-win all around, except for certain circumstances. But in the happy path, it's basically almost entirely strictly better.
I feel weird being on this side of this argument these days, but it is what it is.
well I am (or rather my company) is a paying customer aswell. they offering is really cheap and you get tons of family accounts for free.
but I think a subscription model always depends on the use case, I mean it's probably impossible to pay for everything (considering that every software that we would use, will be using a subscription)
I'm on a mac and lots of small tools are priced like 4-5 € which means I only need to buy a new version ones apple updates his os.
I thought it was an open secret that people who were just trying out the Adobe tools (and other software with similar pricing) didn't really pay the sticker price?
Maybe? I dunno, it's been a very long time since I cared about using any of them, and it's cheap enough now (and I like, have a real job and stuff, I'm not a kid and/or in college) that doing anything else would have taken more time than it's worth.
> Or you can buy DaVinci Resolve for $295 and get a lifetime license.
I make good money, and so dropping $20 on something for a new hobby is something I do without thinking, but $295 is something I have to consider. And I'm a software developer who makes a decent salary. It's more than 10x the cost. It takes fifteen months before that breaks even.
> And they make a Linux version.
I'm not a Linux user, so this isn't something I particularly care about these days.
Something I didn't talk about in the original post: I did try a few $0 editing programs at first, and I know that DaVinci Resolve stacks up pretty okay here, but one of the main reasons I went with Premire is how easy it is to get help with virtually everything, given how widely it's used. As someone who is at the "I don't even know what I don't know" stage, that's a real advantage. This isn't part of the whole "monthly fee SaaS vs one-time license" aspect of things, but it did factor into my overall decision.
I just want to add that Resolve is an amazing product no matter how you pay for it. For beginners and professionals alike. You will constantly need help using Premiere and you’ll never think you’re using it right because it’s a sum of mismatch concepts and dead ends. Resolve has a comprehensive design so you can learn how to use it and keep using it that way because the entire software supports those concepts.
Bitwarden is awesome, and super easy to self host with Docker. Heck, you could get a $5/mo DO droplet and host bitwarden_rs along with a static site or a bunch of other things! I wouldn’t suggest this to people who are unfamiliar with hosting, Linux, docker, and how to make backups, so the self hosting is admittedly limited in appeal, but even their SaaS offering seems like a great deal!
Bitwarden is a great alternative. But it must be mentioned that you need to be willing to accept the responsibility and burden of the operational overhead required to run it.
I realize that most people tout self-hosted as a "benefit", and it might be a benefit for the demographic reading HN. But for the average person, self-hosting is far from practical. Most people can't realistically boot up a DO droplet and install Docker and Bitwarden.
Heck, I am a SysAdmin as a career. I build highly available architecture all day long, but for my personal/family passwords it is honestly not something I personally want to handle. Maybe it is because I actually work in highly available architectures all day long that I am more fearful of throwing all my passwords onto a $5/mo DO droplet, that by its nature is not HA. Sure I have the expertise to lock it down, keep it secure, keep it backed up, keep it updated, etc.. But I am paying $60/yr for the VPC ($5/mo x 12 mos = $60/yr), which is the same cost as 1Password for a Family plan and is more expensive than the $36 they charge for a personal plan.
So even though I am qualified to reliably self-host everything, why would I want to? Why not just pay the same amount of money for someone else to accept that burden? Plus that company is scaled up to be running their customers on far more reliable architecture systems than I would alternatively be using on my single VPC/droplet.
This isn't to shit on Bitwarden. In fact i have a ton of experience with both Bitwarden and 1Password. These are easily the two best options on the market. Both have close to feature parity. You can't go wrong with either. But I would just cautiously warn people that want to self-host Bitwarden. This is a major responsibility to self-host an app that contains such critical information. Before you click install I would do a thought experiment of what would happen if you lost your Bitwarden installation, and therefore ALL of your unique passwords across the entire internet. Now ask yourself, how confident are you that you can avoid that situation. Then remember that affordable alternatives exist that take that responsibility away from you.
This isn't saying that you shouldn't do it. Just that it isn't practical for most people. And I honestly don't see the draw for self-hosting a personal or family account. I would self-host a business account. But why bother with personal or family? Just get a hosted account so you don't have to play "IT Person" at home when your partner gets locked out of Netflix and can't access the password.
You're not required to self-host Bitwarden, it's simply touted as an option around here for those too paranoid to let a third party host their passwords.
If you are already in the 'let someone else deal with it' camp, then Bitwarden is dead simple. It works everywhere and does a great job of keeping your vault in sync on any device. All for way less than 1Password.
Going to confirm this: BitWarden is dead simple to set up without any hosting requirement. There's an option to host it, which I haven't tried, because the base setup is so dead simple.
This whole comment was a great read, and parallels how I personally feel about self-hosting. I have a homelab with my own servers where I love to play with this kind of stuff. Do I want the responsibility of setting up and maintaining the 1Password service all by myself as a production environment? Absolutely not.
I have more infrastructure in my basement than some small companies have in their entire organization. :D But in terms of relying on that infrastructure, run by me alone, for something as mission critical as 1Password? I'll pass.
Bitwarden is a great option. It has all the features you could need, and is cheaper (and critically has a free plan). That's basically my default recommendation for most people. I know most people won't consider anything other than free.
I still choose to use 1Password personally, because the higher polish and experience is worth the slightly higher price for me.
Very nice!
The UI is not pretty, but the UX surely is great. Bitwarden also provides true black theme for OLED.
Website auto-detect key works well on Safari, but hit-and-miss on other browser (just like 1P is—or was).
I had to reduce #Lastpass importance here, when they crippled the multiple plaform usability so my natural choice was #Bitwarden. THe fact that they are open source and will not pull such a stunt as lastpass did was vital for me.
Lastpass is now reduced to usage on linux machines, while bitwarden superceeds it on all platforms, even when new ones come in the future
Really? I was using the computer at 6, although basic stuff in DOS (I remember being proud I knew how to start games etc). At 6 you're in primary school in the UK and using a computer and internet safety is definitely a big thing. Not sure why you'd be saddened by this? Its not like its a black and white you either play outside or you use the computer thing. People can do both and learning about technology early is a good thing.
I did all that too. I concur with your overview. I don't see the world as black and white either. We know that children are more easily exploited, no matter how tech savvy, but it's not so much the 6 year old age that hit me reading that; it's the fact the having an offline private life is being eroded, and I'm not sure about what is replacing it.
Malware bots on the Internet don't care how old you are. If the kids are on there (all of their friends already play Roblox and talk about it incessantly) then they need to have the same level of password security and care with personal data than an adult does.
The last thing a 6 year old needs is some asshole opening a dozen credit cards in their name and maxing them out on cash advances to buy Bitcoin.
I used to be a strong advocate of 1Password, but I was also using Syncthing to synchronize my password database to multiple devices. 1Password basically killed support for that because they want people to pay for their SaaS offering. I ultimately switched to self-hosted Bitwarden and have been much happier with it.
The functional uselessness of ALL site breach notifications from EVERYONE who will send them to you is something that pisses me off to no end.
"Your Email was found in the data dump from the FooBarBaz.NET hack!"
Okay, which site was this?
Is there a password I'm supposed to change?
Was it actually a password I stopped using 5 years ago, but is still floating out there somewhere?
None of these questions are ever answered in a way that's actionable, so these notices get effectively ignored.
(FWIW, back when I worked at a certain big company and they provided this service to employees, the data dumps actually did contain enough useful info to answer the questions some of the time. But the services available to the general public, even if you pay for them, are damn near useless.)
Exactly, also, many times I aliased the sign up email or otherwise made the username unique. And I already have unique password, so there just isn't anything to care about for 99% of services.
There's a bunch of high-impact leaks that had a rather inscrutable nickname - from the front page of https://haveibeenpwned.com/, I certainly wouldn't be able to tell what does being affected by a "Collection #1" breach mean, or "Exploit.In" or "Anti Public Combo List".
That said, HIBP specifically does provide that information which is more than actionable, and that being the most prominent of these services, I'm not so sure what the complaint is about really either...
1Password does give you some useful info by flagging websites which have been known to have database breaches, and it keeps the flag in place until you update the entry with a new password. I think the info is obtained via integration with haveibeenpwned.com.
I setup Bitwarden for my mother and step-father last year as it is free for basic use and they don't care for any of the advanced features.
While the UX of Bitwarden isn't quite as polished neither have had any issues. They use it on their Windows laptops and Android phones just fine.
I think the fact my mother hasn't asked me to help her with her Facebook password for over a year now speaks volumes over how well it works for her :)
1Password is indeed a superb product though. I do like to chime in when password managers are mentioned to help spread awareness of Bitwarden as they don't have the same level of marketing as 1Password and I appreciate that Bitwarden is open source and all that jazz :)
> However show me an alternative with a UX that is simple enough for my 6 year old to use, that works on iOS, Android, MacOS, and now Linux.
I have my keepass vault in my dotfiles repository. All i need on any device is keepass and if i want to write to that vault, git.
Of course i secured my publically accessible vault with a strong password and an additional token.
Works fine for me but i have to admit, using a lot of devices with write access to that vault would get cumbersome.
I think we should move away from passwords entirely, the UX for that is often much better for users (and as a bonus, you don't need to worry about your password being compromised, or password managers).
Hard drives are large enough nowadays to contain a whole copy of the internet. Instead of connecting to the internet to access the web, computers should serve up local copies of the sites instead. Then it is 100% secure and there is no more need for passwords or insecure WiFi connections.
2. The core problem is still that you need to be able to communicate with others, for which you need to identify yourself. Where a site is served from doesn't change that.
English Wikipedia is 150GB with images, Ethereum full blockchain is almost 1TB. Library Genesis and SciHub are both hundreds of TB. Also. Good luck reading new emails while offline.
Nothing off the top of my head, I think people jumped ship off LastPass when they were bought out by LogMeIn. I know they chopped and changed what you could get between the free and premium versions a while ago.
KeePass is free and we all already pay for some type of cloud storage (gdrive, itunes etc). Combine with your own encryption method to compress, forget about pass
Even though we’re a Bitwarden family, I’m happy to see other password managers supporting Linux, the world needs more native Linux support in their applications!
Edit: not too happy about electron, but it’s still a step in the right direction for the common folk who use Ubuntu and aren’t the most tech savvy and just don’t care
Bitwarden is also Electron, at least on MacOS. I discovered that when I wanted to mass-delete entries and Cmd-A selected a bunch of random text on screen (including the hint text in the search box...). Was able to confirm by pressing F12 which brought up the dev tools.
Correct. For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using pass on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software.
This comment has big "why use Dropbox when you can get an FTP account, mount it locally with curlftpfs, and then use SVN or CVS on the mounted filesystem"[1] energy. I think that's the joke you're making?
No, but in all seriousness, I emphatically DO NOT UNDERSTAND the extent to which people place trust in external services to manage passwords. While I appreciate that they do have good skin in the game by being paid, etc -- your password storage on SOMEONE ELSE'S MACHINE fundamentally creates another huge attack vector/opportunity to screw it up, when they also must be accessed locally somehow.
I appreciate it if you're like "look, the convenience outweighs the safety," but it really feels like most of these discussions hand-waves away this fundamental flaw.
I say this especially as someone who doesn't do a lot of passworded services on my phone, because, you know, that stuff is really insecure no matter how good your password is.
If it works for you, that's good. It's less the specific issue and more it indicated to me I was rolling my own crypto and didn't know enough to avoid shooting my feet off.
Exactly. I have an open source password manager on my Linux laptop and the data files are backed up weekly to 2 different locations (along with other valuable information). Granted, I have little need for password management on the phone, but even if I did, why would I trust someone to keep track of my credentials? I just don't get it why so many people seem to be ok with this...
I suppose I mean "service" more than "machine," i.e. any system in which the owner of the other machine has a shot at getting at your stuff. I know "zero-knowledge" is possible, but, again -- why risk it?
> * I emphatically DO NOT UNDERSTAND the extent to which people place trust in external services to manage passwords.*
I'm generally fine with this if the password vault is end-to-end encrypted, the vault's password is never shared with the server, and the server doesn't have access to the plaintext passwords at all.
At that point you have to trust that the crypto used for the vault is done correctly (and that trust is easier to come by if the clients are open source). But that's the same trust you'd have to extend if you used another solution (e.g. Bitwarden) that allowed you to self-host the sync service.
If you only access password-protected resources from one system, then you don't need sync at all, and this problem goes away. If you do need sync, you're going to have this problem no matter what.
Since most passwords can be reset via email, you're placing a similar level of trust in your email provider (and if you host your own, in your domain provider).
At some point the paranoia isn't productive anymore.
Partly given 2FA, but more importantly the fact that I check my email pretty frequently (most of them will be like "hey, someone's trying to change your password, is it you?), I don't think that's a fair comparison.
Be aware that anyone who has access to your email can also delete the "we changed your password" emails.
Properly engineered a cloud-based password storage system should be at least as secure as email, if not moreso (and I believe 1password has it engineered that way).
Sure -- except that the deeply centralized password storage system is a MUCH more attractive target; you've put all the goodies in one place, which is part of my entire point.
There is a WHOLE LOT of incentive to try to hack 1Password and far less to try to hack my dinky email, or even, e.g. gmail to try to find what you're looking for as the hacker.
I do as well, but I have to admit that a browser-based solution has a real security advantage when it comes to phishing protection, since it has access to the URL and can compare it to the one stored for the password.
It would be cool if there was some open password management API that browsers/password managers could implement to solve this without extensions.
> 1Password for Linux also debuts with several features that are coming soon to 1Password for Mac, Windows, iOS, and Android
That should be encouraging for Linux users. It suggests that the Linux version is not just a port that will forever at best follow the other platforms. It can get pretty annoying when you have something that is available on multiple platforms, and your platform tends to always lag the others.
Rich Harris has it right. LANPAR is in fact the world's first electronic spreadsheet. The inventors/creators also invented implementing Forward Referencing - the cornerstone of spreadsheets. This was in 1969, ten years before Visicac and 14 years before Lotus 1-2-3.
LANPAR was used extensively for Plant Budgeting operations across every telephone company in North America throughout the early 70's.
VisiCalc, SuperCalc and TKSolver did not have Forward referencing. You had to manually refresh the screen (recalculate the entire spreadsheet) and watch to see when cells stopped changing values (if they needed results from cells further in the spreadsheet (left to right, top to bottom).
Lotus 1-2-3 did have Forward Referencing. Multiplan I, did not and accordingly could not hurt Lotus until MultiPlan II incorporated it.
I had communications from magazine editor(s) who simply had not been aware of LANPAR because it was so far ahead of its time, and 10 years later VisiCalc implemented its spreadsheet on Apple's microcomputer - popularizing spreadsheets at a consumer level. So Yes, Rich Harris got it totally 100% right!!
1Password in Firefox unlocking the desktop app caught my eye. I'm on Mac and have to unlock 1Password in Firefox completely separately from the desktop Mac app.
I noticed this as well and if I am honest it is a tiny bit annoying when the app is open in another workspace it pulls me to it instead of pulling the app to the current firefox instance. This forces me to bounce back to whichever workspace the firefox was on. Not a huge issue though.
Just a warning for people who don't know the grandparent is referring to the extension formerly called 1Password X (now just 1Password in the browser because AgileBits wants you to use that one) which puts ALL OF YOUR PASSWORDS into your browser's memory.
The "classic" 1Password browser extension already unlocked with the desktop app and does not dump your entire vault into browser memory just to fill one password.
I think you might have a misunderstanding of how our browser extension works. Just like our desktop app, your password is only in memory if you copy it to the clipboard, fill it in the browser, or reveal it within the app. Your passwords are always stored encrypted on both the desktop app and browser extension, and we make an active effort to keep secrets out of memory. I hope this clarifies things.
Turns out that yes, I thought that the vaults were encrypted as a whole, but according to the security white paper that changed at some point. So you can decrypt individual passwords.
Did the classic extension work on Linux? When I switched from MacOS having to use the (terrible) 1PasswordX was one of the things that really annoyed me.
Since 1Password for Linux appears to be backed by Electron, perhaps it’s a sign that other platforms’ native clients will be replaced by an Electron-based client to get these new features.
The "behind the scenes" blog post linked in a sibling notes that they've architected the Linux release with a headless backend component that they'll be moving every client to use. So while there will be HTML-based clients with Linux and browser extensions, I think there's a decent chance of greater feature parity across platforms with native clients in the future too.
Yup! In many ways Linux is leading the charge. Not just with these features but also for development as a whole. Here's the background story on how 1Password for Linux started and how it was built:
Hey disgrunt. We have a number of VoiceOver users on Mac, so something doesn't sound quite right (no pun intended). Please reach out to our support team at support+mac@1password.com and we'll be happy to help.
You're welcome! And thank you for supporting us all these years. <3
We looked around a bit but Electron worked so well for us when we started development in 2019 that we didn't have a need to continue searching. Electron also has such a strong community and momentum behind it that I'm happy to continue using it.
Sciter looks interesting and so does Tauri. Perhaps one of those will win out next time we do a deep dive here. :) Until then I've been really impressed with how well Electron is working when paired with Rust.
PSA: Note that AgileBits intentionally hides the standalone license option and pushes subscription as the only visible scheme to get the application. This is a long standing dark pattern, and though the support staff will admit on their forums or here that the standalone license does exist, you wouldn't be able to find it without some special incantations on the forums. They will keep reiterating that it's for your own good so that you don't get confused.
The application UX may be great. The sync may be great. The security of the closed source application may be great (because of audits). But this single dark pattern and the condescending attitude of their team members whenever the topic of standalone license comes up are enough to avoid this company. If you can get to the standalone license purchase option within three or four clicks from the main site, do let me know.
I switched out of 1Password to Bitwarden long ago. I will admit that Bitwarden is not fantastic (I find it somewhat slow and also lacking some features). But it doesn't use dark patterns like AgileBits does.
In my mind, Enpass is one that does it correctly. They don't offer a sync service, instead they let you choose from a number of popular ones (OneDrive, Dropbox, iCloud, and a few others), one of which you probably already use. There's no need for yet another cloud service to solve this already solved problem.
I used the standalone option for 1Password for many years. They too allow the same thing. I would store my 1Password vault on Dropbox, which effectively handled the sync for me.
That’s the feature that made me switched to Enpass as well. Between the licence thing and pushing the subscription, I have lost trust in 1Password, even if it (still) offer the drop sync as well.
I used to think like that but syncing files and syncing passwords across multiple devices are different things, mainly because of conflict management. If you have a conflict on a file which has been modified on two devices, there is not that much do you can do except using the most recent update based on timestamps and keeping the other one as a backup file. Dropbox does that for example. For password entries, it’s possible to be much master and do the same per entry, and even merge the fields within an entry. To do this in a reliable way on a remote file system, I think a file locking or a compare and swap mechanism is required.
Another constraint with using a file sync service is this is introducing a kitchen and egg problem when we lose everything. We first need to restore access to the file sync service to then be able to recover the password file. Which means we can’t use the password manager for the file sync service. Not a deal breaker, as it is what I’m currently doing, but I’ve always wondered how it would go after a catastrophe like losing everything in a home fire.
I'm not sure how you'd get that fine-grained when syncing with a normal file syncing service. That said, I'm generally not modifying entries in my password manager on two machines at the same time, nor am I dealing with long periods without connectivity, so I've never found this limitation to be a problem.
The bootstrapping problem is an interesting one. Instead of just having a master password for the password manager, you also have to have the file sharing password as well. Like you, I've somewhat accepted this situation.
For the home fire scenario, offsite backups are the answer. When you restore your backup (likely with yet another password involved!), the recent-ish local copy of the password database will be restored with it and you can use the passwords stored in that to bootstrap the syncing process.
My current offsite backup regime is just a pair of portable USB drives. One is at my office, the other is at home, and I rotate them weekly (COVID messed this up). There are many other ways to do this - cloud services, a NAS sitting at a friend's place, external drives in a bank safe deposit box, etc.
Yea I paid $65 for the standalone version back in 2016 which seemed really expensive for something that's essentially an encrypted database (despite its great UX). My reasoning is I didn't need any of the fancy family sync features and preferred to handle the syncing myself for free. They've basically discontinued that product and I can't update to their latest app since it only supports the SaaS product accounts. Complete waste of my money.
I started using 1Password a long time ago (~10 years) when the only option was the standalone license option. It is a lifetime license for about the cost of ~2 years of subscription.
They still sell and "support" this standalone product. But I use the word "support" in quotes because the standalone license doesn't offer all the features of the subscription product. I resisted switching to the subscription product for many years, but eventually there were many features that were only offered on subscription accounts and I caved and made the switch.
So I just wanted to warn other people that before you buy the Standalone option, you should know that it isn't quite the same 1Password experience as the subscription. There are quite a few significant features missing.
Lifetime licenses rarely last a lifetime. Most products will run out of support long before you run out of life. You'd be lucky if the company even existed after 10 years.
Before subscription software became all the rage, you had to purchase a license for a specific version. You had the right to keep using the version you purchased for as long as it worked, but if you wanted any new features, you had to shell out money again for a new version every few years. Maybe you'd get free bugfixes from time to time, but that was about it.
Now we're all spoiled by the rolling updates funded by the subscription model. We keep asking for the old pricing model, and at the same time want all the new features to be backported perpetually. :)
I just switched to 1Password from LastPass after LastPass recently restructured their pricing, and it was very smooth. Just imported by passwords and they all worked.
Congrats to the 1Password team! I've been using the beta for a while now on Pop_OS! and it has been getting better with each update.
I personally don't mind that it uses Electron. The app feels snappy to me and it looks like their engineers are making efforts to optimize the experience.
I have always wondered why we can’t make visible the master password when typing it. My master is very long (pass phrase) and I have to type it very carefully, it’s even harder on mobile. Such a pain ! Isn’t it a basic UX pattern to allow the user to show/hide the password as type it (with the popular eye icon at the end of the password input) ? Am I missing something ? Is this not present for security reason ?
1Password looks cool and all, but I'm left wondering how it all works. Specifically their pricing[0]. So what happens if I just refuse to pay them when my subscription is up and I need another year/month/whatever? Do all my secrets & passwords become inaccessible?
Because if I couldn't access my passes by merely not paying up, that's plain extortion. I didn't read their terms, hopefully someone here can enlighten me.
Your data is yours. Even if you cancel your subscription and your account is frozen[0], you can still sign in to 1Password.com or in the apps to view and export your data.
The problem I see is that their Linux Keying integration is as far as I can tell done in a way it's not supposed to be used by anything and as such they need to ship with a SUID binary helper, basically a (hopefully) harmless root backdoor.
(And I'm not speaking about the chrome/electrone sandbox, which can be run without SUID on modern systems).
Do you mind expanding on why its problematic? We've built the kernel keyring integrations primarily to power the browser integration feature. In this case, "anything" ranges from users curious how it works to malware looking to steal credentials.
1Password puts in effort where possible to defend against attacks on your local system, so we need the keys currently used as part of the kernel keyring integration to be inaccessible to anything in userspace or otherwise some malware could steal credentials going back/forth to the browser.
The SUID binary helper is unfortunate, but you can blame Linux for that. Our integration makes extensive use of the KEYCTL_CHOWN and KEYCTL_SETPERM syscalls for the reasons stated above, but a process needs the `CAP_SYS_ADMIN` capability to call them (ctrl+f on the man page for capabilities). In the end, we decided that making it SUID was more transparent to users then giving it that capability on install since the former is more visible.
What's the password recovery process like with 1Password for family accounts?
I'm the administrator for my family's account on LastPass and my wife forgot her master password and has now burned the associated email.
The account was unused and empty so nothing was lost but it highlighted to me that account recovery was not smooth or seamless. As an administrator you can't just issue a password reset on their behalf.
If you're testing out these password managers, try a recovery first with a burner account before fully entrusting them with valuable passwords.
If it were possible to recover lost passwords as in your wife's case, then I absolutely would not trust the service at all. If you forget your master password, the passwords contained must be unrecoverable at that point. If they aren't, then that means the server/service has access to your plaintext passwords, and that is (or at least should be) an unacceptable security risk.
The server never gets to see your master password nor the vault key. Every client has a public/private key pair. The private key grants access to the (symmetric) vault key and will never leave your device. At vault creation time, a copy of the vault key is encrypted using the public key of the recovery group and then stored on the server.
The only secret the server ever sees is the secret (device) ID, and that’s by design.
> What's the password recovery process like with 1Password for family accounts?
Short answer:
When 1Password creates an encrypted vault, it will make a copy of the key, encrypt it with the public key of another family member (e.g. you) and hold the encrypted result in escrow on 1Password’s servers.
If your wife forgets her master password and chooses to request recovery, a special procedure starts. First, 1Password asks you to confirm that the request is legit. If you confirm, the server will delete and re-create your wife’s account, then send you her new public key and the encrypted escrow key. Your app uses your private key to decrypt it. (Now your app has your wife’s vault key.) Your app re-encrypts it with her new public key, uploads the result and forgets the key.
Finally, the server sends your wife her encrypted vault together with the thing your app just did. Now your wife can access her vault again.
Long answer: see 1Password’s security white paper [1].
281 comments
[ 33.7 ms ] story [ 2524 ms ] threadhttps://github.com/1password/electron-hardener
I’ve often thought about making my own toolkit, but there’s so much that we forget about from things like focus to accessibility to text layout and rendering (much text has been rendered on why text rendering sucks). My hope is that Rust breathes new life into native (as opposed to electron) cross-platform GUIs, and indeed there are some interesting efforts underway.
[1] https://tauri.studio/en/
Well, this is GTK password manager https://gitlab.gnome.org/World/PasswordSafe - UI works really well, use it every day.
Guess GTK will be much more popular 'cause Qt LTS going to be proprietary.
The Qt approach with QML + JavaScript with a C++ backend worked in that regard quite well, expose low level system calls from C++ and call it from JavaScript, but QML had other issues.
And funny thing is that if you do JavaScript you can't escape that build step anyway when you use TypeScript, but there is hot reload at least.
One problem is that many GUI toolkits are not adopted for being consumed from a scripting language, bindings become complex and then needs to be constantly maintained.
I'm experimentering with the IUP GUI toolkit, a very well written toolkit in C. Designed from the beginning to able to be consumed by a scripting language, in this case Lua. So it doesn't rely on weird macros or overcomplicated structs, you work with opaque handles, this makes it easy to be called from any language that has FFI support, which makes bindings even easier. Unfortunately no MacOS support for IUP.
Perhaps rather than "bindings" you're thinking something like GTK and Qt's JavaScript integrations (embedded scripting languages vs bindings)? These are bummers in that they use some home-grown JS interpreter implementations which don't implement any standard version of JS (or at least not a very recent standard) and it's very confusing what is and isn't supported, and IIRC the docs aren't great here either.
1) Scripting language is still the driver of the application, it uses "bindings" against a GUI library to implement the application. This is the one I'm most interested in. And if you need low level stuff, you implement that as dll/so library and uses that from you scripting language.
What usually happens is that you need to read the GUI library C or C++ code and examples to understand it, because the bindings documentation is not enough, and then translate that to your scripting language, can become a bit tedious with trial and error if it not obvious how to do it.
XML as descriptive source sounds good in theory, that is why I'm somewhat intrigued by how Microsoft has done it the past with COM and now how they have expanded that with WinRT where you can implement language projections that can handle cross language types (projected types?) so you can get a natural interface in the language you are working in. But I'm not a .NET developer.
I think I looked at Go-Qt binding but if I remember correctly it was alpha and had problems. Python-Qt exist but I don't know much about it. Read somewhere that I was just easier to use C++ directly, less hassle, don't know if that is true.
Vala looks like a nice solution if you want to go full GTK. Problem with GTK is that it is not truly cross platform, Gnome team does not prioritize other platforms as Qt does. And GTK breaks existing functionality too, even between minor versions (still true?).
That is why I started too look at IUP, IUP uses GTK on Linux, but win32 on Windows. Tried to do a C++20 project with IUP, but gave up, even with all the new fancy stuff for C++ it is still awful, better yes, but same old problems are mostly there. When you are writing a GUI code you don't really care if your string is a const ref or pointer or what not, you spend the time on all the wrong things and C++ invites to think and micro optimize all those decisions(use or not use auto in for loop? how to write to best constructor? Optimal initializer?). Then before you know it you binge watch C++ talks with Nicolai Josuttis and have difficult sleeping at night. And if you go heavy into smart pointers, why not just use a GC:ed language to begin with? Qt solves that well with QString, QList etct, doesn't matter if pass by value or not, but then you need to handle qmake. I'm tired of awful build systems, they are everywhere, still scarred for life by cmake and when I tried CLion. Now I do things over FFI instead, sleeps much better.
2) Scripting language has "bindings" to a GUI application/framework, more of a plugin system. Gnome is a good example there, but as you say, different JavaScript engines between these "bindings", and for Gnome, poorly documented.
I think for Gnome and other desktops that uses this technique, it is in the right direction, but the quality of the plugins I have used is most of the time poor, memory leaks etc, you end up using just use the approved ones if you don't like to restart your desktop once a day. If that is because of poor bindings or poor plugin implementations I don't know.
Yes, this is very true.
> XML as descriptive source sounds good in theory,
Agreed, and it could probably work in practice with enough investment (ideally forego XML altogether in favor of a markup language that isn't hostile to humans and machines, document the schema thoroughly, provide reference implementations, etc).
> I think I looked at Go-Qt binding but if I remember correctly it was alpha and had problems. Python-Qt exist but I don't know much about it. Read somewhere that I was just easier to use C++ directly, less hassle, don't know if that is true.
Yeah, the Go-Qt binding was just incomplete. There was a Go/QML project early on, but I don't think it allowed for data to flow both directions, which seriously limited its utility and then it just kind of faded into obscurity. Pyqt (there was a competing Python/Qt binding as well, but I forget what it was) was okay, but again it didn't have very good documentation and it would still segfault all the time. One or both of the Python/Qt bindings were also poorly supported.
> Vala looks like a nice solution if you want to go full GTK.
I tried this as well, but it's a thin veneer over GObject and still has many of the same problems. It also lacks any kind of build tooling or package management, and again, it's not adequately invested in and the documentation is poor (or this was the case when I last tried it).
> I think for Gnome and other desktops that uses this technique, it is in the right direction, but the quality of the plugins I have used is most of the time poor, memory leaks etc, you end up using just use the approved ones if you don't like to restart your desktop once a day. If that is because of poor bindings or poor plugin implementations I don't know.
Agreed.
It may suit some people's taste, it is more open than Qt in some aspects and it has better language integration by virtue of being written in C.
But, as a Plasma/i3 user, I avoid GTK apps as much as possible. Thankfully At/KDE apps are plenty and fully functional.
- C++ dynamic linking used to be slower on Linux than C dynamic linking
- A lot of Linux die-hards are simply C++ haters
- Qt's licensing used to be unfavorable to purists, which lead directly to the Gnome-vs-KDE schism.
(Though I've always had the feeling that the license fight may have just been a palatable cover for a C-vs-C++ fight.)
I was following your comment until the end - I don't have any probems with Rust but how will that help the situation?
> I do research on fundamental UI technology and 2D graphics, with a focus on Rust and fonts. Currently on the Google Fonts team.
Rust also addresses many of my grievances with GTK and C++, notably the need to bolt on (although "bolt on" seems to imply less fragility than is the case) language features to give a higher level facade or otherwise deal with the deeply impoverished C and C++ build tools. Related to the previous point, Rust makes it much easier to bring in a dependency and write tests. Similarly, Rust benefits from a long tail of minor tooling improvements including documentation generation and hosting to text editor integration (Qt ships their own IDE which is of decent quality, but you have to go all-in on it; you don't get to use the plugins, keybindings, etc that you know and love from vscode / vim / emacs /etc and even then IIRC it only knows about things in the Qt project but not necessarily third party libraries--although with enough blood, sweat, and tears you can probably cobble together something based on clang metadata).
[0]: https://github.com/linebender/druid [1]: https://news.ycombinator.com/user?id=raphlinus
It's just a hard problem and its a boring, loveless space to work in.
You can't distribute a commercial, binary app for 'Linux' easily unless you statically link everything (which you cannot do with Qt without breaking the license) and compile on something ancient.
Even using something like Qt, writing a C++ GUI app for the 3 major platforms (macOS, Windows and Linux) is about 10x more work than getting something like Electron working and distributed.
In my case, I did most of my development for an embedded target, which meant my org shipped the entire OS and therefore we only had to worry about the packages we were shipping. Packaging wasn't much of a problem in that context, but it was still many times more effort than an Electron app--my issues tended to be related to tooling and language.
But then let's say you have mobile apps as well, built with Cordova. What collective term would you use for your Desktop and Mobile apps?
It is certainly a bit verbose to specify every platform so I don't think that is a viable option.
There's no logically correct definition of "native" which is also useful. Its just a buzzword that a few otherwise smart people use to mean "its fast". Every single stack out there can be engineered to be slow; some stacks cannot ever be engineered to be fast; Electron is not one of them.
Native is short for native code or native UI depending on context. Native code means AOT compiled. Native UI means it uses one of the platform's conventional UI frameworks. You can have native UI without native code.
Classic Windows apps are great compared to most alternatives.
Honestly you can build quite a list if we are not constrained with dev tools only.
> We believe that native apps with deep integration create a better experience, so 1Password for Linux will feel right at home on your desktop, whichever flavor of Linux you choose.
> Out of the box, you’ll find:
Automatic Dark Mode selection based on your GTK theme
Open network locations (FTP, SSH, SMB)
Integration with GNOME, KDE, and your favorite window manager
System tray icon support for staying unlocked while closed
Open and fill in your default browser
X11 clipboard integration and clearing
GNOME Keyring and KDE Wallet support
Kernel keyring integration
DBUS API support
Command line API
Integration with system lock and idle services
>> "We're no longer advertising standalone licenses" Does that mean "We're no longer offering standalone licenses"?
> Membership [aka subscription-based] is the way forward with 1Password.
It's really disappointing that their communication is so transparently evasive on this point.
[1] https://1password.community/discussion/116659/how-to-switch-...
It's honestly pretty insulting that every time this comes up, someone from 1password pops in to talk down to your customers and push subscriptions.
I understand the business reasons of why you want subscription revenue, but pretending that you're pushing subscriptions for the good of your customer is just so transparently false. It's good for your bottom line, just own it.
> We would strongly recommend 1Password membership as that is going to provide the best experience
is maddening. Do you guys really think we all just don't know what is going to provide the best experience? Because what will provide me the best experience is keeping it simple, not taking on an online dependency, and keep putting out standalone updates and platform ports, which I'd gladly pay for.
The condescension, evasiveness and dishonesty is just sad.
I left a comment just above yours that I invite you to read. I don't want to repeat it in its entirety here but suffice it to say we're excited about our hosted solution and yes we can find ourselves shouting from the rooftops about it. Kinda like newlyweds I suppose. :)
++dave; 1Password Founder
However, we are also 1Password users and we build the product for ourselves. We are supporting millions of customers, several thousand support emails and tickets every day. And I am honest, the membership provides much better experience compared to standalone disjoined apps, manual syncing and lack of account recovery. The list of differences and improvements is huge. It certainly makes me sad when people think that it is only about sync.
Roustem, Founder of 1Password
You are probably right though. We should be more clear on where the future development of the product and service is going.
As a long time user I bet you remember when we needed to write posts like Two Factor or not Two Factor[1].
> One and a Half Factors?
Good times. :) Thankfully with our own service we are now able to provide real 2FA as our server is able to enforce it. Same with family sharing, team environments, automated backups, item history, account recovery that only your family organizers/team admins can perform, along with simple invites and easier device setup.
And it's not just new features but we can make existing ones better. You probably have seen your fair share of Conflict Resolution windows and weird sync issues over the last 10 years. Sync is a hard thing to get right and being able to rely on a server to give specific responses in specific situations has enabled us to provide a much better experience than we ever could with a generic file service.
The reality is 1Password is better than it ever has been as a direct result of allowing our developers to work their magic on both sides of the network connections. Server and client.
It's a bit dated now but I wrote From a Happy 1Password Maker[2] back in 2017 that highlights a lot of things we love about memberships. In it I explain why I'll continue to non-apologetically nudge everyone towards 1Password Memberships.
[1]: https://blog.1password.com/two-factor-or-not-two-factor/ [2]: https://blog.1password.com/why-we-love-1password-memberships...
++dave; 1Password Founder
The problem here is how many services have been moving to forced 2FA lately (presumably because their users keep getting their re-used passwords leaked).
I'd move to 1Password (from KeePass) just to deal with these obnoxious 2FA requirements - except many of them, adding insult to injury, are SMS-only. (Feature idea for 1Password? Assign me a phone number that will automatically consume SMS 2FA codes and type them into browsers for me?)
(also much more convenient, can even use my fingerprint reader, if I wanted. On Linux!)
(should be a browser feature)
This comment on its own isn't very helpful.
I am sorry but this is just wrong. I have close to 6,000 items in my 1Password across family and business accounts. Loading everything into memory all the time would be ridiculous.
The extension is using IndexedDB to store the passwords and other items. A lot of work went into making sure the extension uses as little memory as possible.
Roustem Founder of 1Password
(helped with design of the browser extension)
Fortunately, to give us the illusion that it is 'fast' they need to mention that it uses 'Rust'. And?
I can name Krita and that's about it.
So... yeah, I guess finding a professional skilled in Qt or GTK might be problem.
And honestly - why bother?
If the whole app is running in a 'browser' (which is exactly what Electron apps do) it is not a native app. 1Password 7 on my Mac is a native app.
> What are you looking for in non electron apps that is missing in this version of app?
In general. That fact that I don't need to upgrade the RAM of my computer to run multiple apps at the same time. I can do that with native apps perfectly but not with downloading and using tons of Electron apps. Has to be close one app and open another or else the computer grinds to a halt.
Adding one more Electron app to the mix (Regardless of using 'Rust') makes it a step closer to running my computer to the ground.
No where in my sentence is talking about the GUI alone, and that is another Linux problem for another discussion.
It is enough to say here that if the whole app is running in a browser, it is NOT a native app. That is that.
EDIT: Nope, still can't login. Bleh.
If you have 8.0.34, and still can't log-in you may be experiencing the issue yabones described. support@1password.com can provide you with more hands-on help.
(Disclosure: I work at 1Password)
I get that people bristle about SaaS subscriptions in their personal life but the $60/year it costs is well worth it. The research shows that strong passwords and limiting re-use is extremely effective at preventing account compromises and 1Password makes this dead simple.
The thing that finally made it an incredible app was when Apple finally allowed 3rd party password management in iOS.
Yes there might be better password managers out there and they might have better security. However show me an alternative with a UX that is simple enough for my 6 year old to use, that works on iOS, Android, MacOS, and now Linux.
Has clients for all platforms, open source, self hosting or free plans and saas.
Waited long time for 1password for linux and switched last year to bitwarden. Family Account for 6 Users ($40 per year)
Bitwarden enabled me to use it with Linux, Mac, Windows, Web, etc. _years_ before 1Password decided to join the party.
And there's no subscription to speak of - just a premium "extra features you may or may not want" yearly payment, which works out _much_ cheaper.
Finally - all my passwords belong to me. Self hosted server means that I keep control, not some random cloud.
I spent hundreds into 1P before the subscription model, as their apps were expensive and got them on multiple OS and for family members.
Then Dropbox decided (rightfully) that you shouldn't use your public folder to host websites, and 1P told their customers to either get a subscription or lose the online vault which is a critical feature of any password manager. They didn't even have the decency to offer a free year of the subscription to their current paying customers.
It would have cost 1P pennies to just host the vaults on S3, but they decided to force their customers to switch to the subscription model if they wanted to have a feature they had already paid for and 1P had been advertising for years.
I will never give a single cent to 1P again.
In the end I went with the subscription because I it's bought once for all my devices, and is great for family use, with UX that's easy from children to grandparents. As a bonus, the Dropbox sync issues just stopped - their own sync works much better for me.
I do understand the frustration about subscriptions for everything but I'd like my password manager vendor to remain in good financial health, so I'll happily make an exception and pay regularly for my password manager.
> just host the vaults on S3
That's a fairly niche audience, and it's very easy to misconfigure S3. Product development is about making hard choices, and I'm ok with 1Password choosing not to do this, just as I'm okay with them not supporting WebDAV -- YMMV.
What I do wish is that 1Password would support a few cloud storage options (e.g. Google Drive, OneDrive etc) on mobile so that people who're not inclined to subscribe have an alternative, if only to squelch the inevitable complaints about subscriptions. When 1Password was a smaller company, I can see why one wouldn't want to do that as it'd take away precious dev time, but my understanding is that they have more funding now.
> I think 3.33 euros per months is about a good valance.
:)
It is just that I feel that 10 per year (personal) or 40 per year (family) is a fair amount to pay for this service.
I did not know about it. Can you still do it with other provides such as Microsoft(OneDrive) and Google(Drive)?
I guess by "online" you mean access to your passwords using nothing but a web browser. I can see how that could be a requirement for certain users (e.g. employees permitted to make personal use of a work computer but not install any software) but disagree that that's a critical feature.
I used Dropbox to sync my 1Password vaults (including a shared vault with my spouse) from 2013 but never used the "trick" of publishing it through the public folder before Dropbox dropped that feature in 2017. I continued using Dropbox to sync vaults until last year when I upgraded to 1Password 7 and a family subscription.
I imagine you've probably never lost your phone while traveling.
Yes, like most people, I have not. If I did, on most trips I’ve had a laptop and anything critical would also be in the shared vault on my spouse’s phone.
If I didn’t have any of that, I could install the client on another device to access my vault, if someone would let me; a risk but possibly worthwhile in some critical hypothetical and not really different than using a browser on it (I don’t even know what such a scenario would be, if I was robbed of everything?). Or I could buy a device (even if I was robbed, I could call my parents to pay).
I remember being frustrated by the Dropbox loss, and I’m still frustrated that they seem to push 1PasswordX over the native apps. Other than that I’ve only had 3 major gripes:
1) Lack of Linux support 2) Lack of good ssh key management 3) Lack of ability to self host
I’ve been eying BitWarden for awhile- How was your transition/migration to Bitwarden from 1P? How does the iOS integration compare to 1P? Do you self-host?
This is one of the things that pushed me to choose bitwarden over a 1password families subscription (even though I get the latter for free from my work).
I don't like the idea of credentials living in a browser extension (or even in a browser). I'm not confident in the long-term security of the entire setup, especially with the "evergreen" nature of modern browsers. I don't like telling my less-technical family that this extension is okay, but absolutely don't trust any other extensions.
> I don't like telling my less-technical family that this extension is okay, but absolutely don't trust any other extensions.
I do understand this dilemma, but I'm curious how you reconcile that against things like the benefits of filling from the extension avoiding the system clipboard & key loggers, the inherent phishing protection that comes from 1Password only suggesting credentials on sites where the URL matches your items, etc.
Telling folks the 1Password extension is okay and others are not is the approach we take internally.
- Ben, 1Password
I'm mostly punting this to macos. I don't give my kids admin rights on the devices I let them use and in general I think you need a11y access to log keys on mac, granting which requires admin.
AFAIK, modern browsers prevent interaction with the clipboard without user interaction, so using the system clipboard for passwords is not a huge deal. As a mitigation, 1password and other password managers clear the clipboard after a timeout.
On my linux machine, I use a bitwarden CLI in a script that either uses xclip to put the password into the clipboard or xdotool to type it directly. To my understanding, the security model in X is quite a bit worse than that in mac, but I prefer this over using a browser extension.
> the inherent phishing protection that comes from 1Password only suggesting credentials on sites where the URL matches your items
I can't wait for a passwordless world to come. For now, my kids only have credentials on sites that are relatively worthless, and I use U2F on all the sites/services I possibly can that have any value.
On the sites that have value but don't support U2F, I either accept the risk or try to find alternatives. Banks and financial services (I live in the US) are a perennial disappointment here.
I do use the bitwarden app on my iphone, and when you actually go through the password filling feature (instead of just switching to the bitwarden app and searching), it does suggest only those passwords that match the URI you're looking at. I haven't closely examined why I'm okay with this integration but not a browser extension on other platforms, but I am.
Transition is as easy as exporting your 1P database and importing it into BW.
Integration in IOS is very similar as 1P.
Overall, 1P's apps are more polished than BW. You notice it when you migrate over and after a while you forget about it.
There's one caveat and that is you've to pay BW $10 per year to get TOTP/2F AUTH support and offline support in the apps.
I hope we can win you back someday.
++dave; 1Password Founder.
As far as deprecating the bring-your-own-sync approach, I understand this is legit flexibility that some customers want, and I'm glad there is a competitor that does a good job of it. Personally though, after many years of using 1Password + Dropbox, I must say I've had a lot fewer sync problems since migrating over to 1Password for Families. If I had a broad sync strategy maybe I would feel otherwise, but I don't—to the contrary, I'm moving away from Dropbox because of the shenanigans they are pulling with my OS internals, and maintaining a VPS or even an AWS account with S3 is a significant burden that I don't take lightly. As a product engineer, a single integrated sync is easier to provide guarantees, and prevents a lot of problems caused by third parties with no recourse to debug.
(I am also a happily paying customer of 1password; I strongly prefer the cloud offering...)
And that's beyond the fact that, in some sense, this aligns the business needs closer to mine. It is easier and in some sense, more fair, for me to pay for the software while I use it, and not when I don't. On the business side, it's nicer too. It pretty much feels like a win-win all around, except for certain circumstances. But in the happy path, it's basically almost entirely strictly better.
I feel weird being on this side of this argument these days, but it is what it is.
but I think a subscription model always depends on the use case, I mean it's probably impossible to pay for everything (considering that every software that we would use, will be using a subscription) I'm on a mac and lots of small tools are priced like 4-5 € which means I only need to buy a new version ones apple updates his os.
Or you can buy DaVinci Resolve for $295 and get a lifetime license. And they make a Linux version.
I make good money, and so dropping $20 on something for a new hobby is something I do without thinking, but $295 is something I have to consider. And I'm a software developer who makes a decent salary. It's more than 10x the cost. It takes fifteen months before that breaks even.
> And they make a Linux version.
I'm not a Linux user, so this isn't something I particularly care about these days.
Something I didn't talk about in the original post: I did try a few $0 editing programs at first, and I know that DaVinci Resolve stacks up pretty okay here, but one of the main reasons I went with Premire is how easy it is to get help with virtually everything, given how widely it's used. As someone who is at the "I don't even know what I don't know" stage, that's a real advantage. This isn't part of the whole "monthly fee SaaS vs one-time license" aspect of things, but it did factor into my overall decision.
I realize that most people tout self-hosted as a "benefit", and it might be a benefit for the demographic reading HN. But for the average person, self-hosting is far from practical. Most people can't realistically boot up a DO droplet and install Docker and Bitwarden.
Heck, I am a SysAdmin as a career. I build highly available architecture all day long, but for my personal/family passwords it is honestly not something I personally want to handle. Maybe it is because I actually work in highly available architectures all day long that I am more fearful of throwing all my passwords onto a $5/mo DO droplet, that by its nature is not HA. Sure I have the expertise to lock it down, keep it secure, keep it backed up, keep it updated, etc.. But I am paying $60/yr for the VPC ($5/mo x 12 mos = $60/yr), which is the same cost as 1Password for a Family plan and is more expensive than the $36 they charge for a personal plan.
So even though I am qualified to reliably self-host everything, why would I want to? Why not just pay the same amount of money for someone else to accept that burden? Plus that company is scaled up to be running their customers on far more reliable architecture systems than I would alternatively be using on my single VPC/droplet.
This isn't to shit on Bitwarden. In fact i have a ton of experience with both Bitwarden and 1Password. These are easily the two best options on the market. Both have close to feature parity. You can't go wrong with either. But I would just cautiously warn people that want to self-host Bitwarden. This is a major responsibility to self-host an app that contains such critical information. Before you click install I would do a thought experiment of what would happen if you lost your Bitwarden installation, and therefore ALL of your unique passwords across the entire internet. Now ask yourself, how confident are you that you can avoid that situation. Then remember that affordable alternatives exist that take that responsibility away from you.
This isn't saying that you shouldn't do it. Just that it isn't practical for most people. And I honestly don't see the draw for self-hosting a personal or family account. I would self-host a business account. But why bother with personal or family? Just get a hosted account so you don't have to play "IT Person" at home when your partner gets locked out of Netflix and can't access the password.
If you are already in the 'let someone else deal with it' camp, then Bitwarden is dead simple. It works everywhere and does a great job of keeping your vault in sync on any device. All for way less than 1Password.
I have more infrastructure in my basement than some small companies have in their entire organization. :D But in terms of relying on that infrastructure, run by me alone, for something as mission critical as 1Password? I'll pass.
- Ben, 1Password
I still choose to use 1Password personally, because the higher polish and experience is worth the slightly higher price for me.
Both are good options really.
— curious 1Password user
-- former 1Password user
Lastpass is now reduced to usage on linux machines, while bitwarden superceeds it on all platforms, even when new ones come in the future
If he’s in the US, he already needs to start saving for college.
I did all that too. I concur with your overview. I don't see the world as black and white either. We know that children are more easily exploited, no matter how tech savvy, but it's not so much the 6 year old age that hit me reading that; it's the fact the having an offline private life is being eroded, and I'm not sure about what is replacing it.
https://www.aclu.org/report/identity-crisis-what-digital-dri...
The last thing a 6 year old needs is some asshole opening a dozen credit cards in their name and maxing them out on cash advances to buy Bitcoin.
"Your Email was found in the data dump from the FooBarBaz.NET hack!"
Okay, which site was this? Is there a password I'm supposed to change? Was it actually a password I stopped using 5 years ago, but is still floating out there somewhere?
None of these questions are ever answered in a way that's actionable, so these notices get effectively ignored.
(FWIW, back when I worked at a certain big company and they provided this service to employees, the data dumps actually did contain enough useful info to answer the questions some of the time. But the services available to the general public, even if you pay for them, are damn near useless.)
The site it said it was?
> Is there a password I'm supposed to change?
Do you have a password saved or memorized? Does the site have a link or form to log in?
> Was it actually a password I stopped using 5 years ago, but is still floating out there somewhere?
They can't be sure. Why not change it to be safe?
I'm sorry, but I have absolutely no idea what sites fall under the banner of the "FooBarBaz.NET" dark web data dump.
That said, HIBP specifically does provide that information which is more than actionable, and that being the most prominent of these services, I'm not so sure what the complaint is about really either...
I'm afraid Dashlane fits all of those requirements. Hands down. Then Bitwarden comes second.
While the UX of Bitwarden isn't quite as polished neither have had any issues. They use it on their Windows laptops and Android phones just fine.
I think the fact my mother hasn't asked me to help her with her Facebook password for over a year now speaks volumes over how well it works for her :)
1Password is indeed a superb product though. I do like to chime in when password managers are mentioned to help spread awareness of Bitwarden as they don't have the same level of marketing as 1Password and I appreciate that Bitwarden is open source and all that jazz :)
I have my keepass vault in my dotfiles repository. All i need on any device is keepass and if i want to write to that vault, git. Of course i secured my publically accessible vault with a strong password and an additional token. Works fine for me but i have to admit, using a lot of devices with write access to that vault would get cumbersome.
The US Government got rid of passwords in 2004 by switching to smartcards, and Google also did so in 2017 by switching to hardware security tokens.
2. The core problem is still that you need to be able to communicate with others, for which you need to identify yourself. Where a site is served from doesn't change that.
Edit: not too happy about electron, but it’s still a step in the right direction for the common folk who use Ubuntu and aren’t the most tech savvy and just don’t care
However, I primarily use it for the `gopass search` output. This is where `pass` really sucks for those who copy-paste.
[1] https://github.com/gopasspw/gopass
There is also an extension: https://github.com/ficoos/pass-fzf
Will it also suggest me my passwords in iOS?
Come on, guys, 1Password is not only about syncing passwords between N computers.
Not that I recommend this setup though.
1. https://news.ycombinator.com/item?id=9224
https://news.ycombinator.com/item?id=9224
(If this is not a joke, yikes).
Syncing is also very easy for developers - just use git.
Sure, you could... but there is a monstrous gap between that and the real service that you are comparing it to.
I appreciate it if you're like "look, the convenience outweighs the safety," but it really feels like most of these discussions hand-waves away this fundamental flaw.
I say this especially as someone who doesn't do a lot of passworded services on my phone, because, you know, that stuff is really insecure no matter how good your password is.
https://news.ycombinator.com/item?id=26801155
Also, depending on your phone, it might be significantly more secure against non-superpower actors.
I'm generally fine with this if the password vault is end-to-end encrypted, the vault's password is never shared with the server, and the server doesn't have access to the plaintext passwords at all.
At that point you have to trust that the crypto used for the vault is done correctly (and that trust is easier to come by if the clients are open source). But that's the same trust you'd have to extend if you used another solution (e.g. Bitwarden) that allowed you to self-host the sync service.
If you only access password-protected resources from one system, then you don't need sync at all, and this problem goes away. If you do need sync, you're going to have this problem no matter what.
(also, I have no idea exactly what "end-to-end encrypted" actually means these days, given the loose way many apps/services seem to define it.)
At some point the paranoia isn't productive anymore.
Partly given 2FA, but more importantly the fact that I check my email pretty frequently (most of them will be like "hey, someone's trying to change your password, is it you?), I don't think that's a fair comparison.
Properly engineered a cloud-based password storage system should be at least as secure as email, if not moreso (and I believe 1password has it engineered that way).
There is a WHOLE LOT of incentive to try to hack 1Password and far less to try to hack my dinky email, or even, e.g. gmail to try to find what you're looking for as the hacker.
It would be cool if there was some open password management API that browsers/password managers could implement to solve this without extensions.
> 1Password for Linux also debuts with several features that are coming soon to 1Password for Mac, Windows, iOS, and Android
That should be encouraging for Linux users. It suggests that the Linux version is not just a port that will forever at best follow the other platforms. It can get pretty annoying when you have something that is available on multiple platforms, and your platform tends to always lag the others.
VisiCalc, SuperCalc and TKSolver did not have Forward referencing. You had to manually refresh the screen (recalculate the entire spreadsheet) and watch to see when cells stopped changing values (if they needed results from cells further in the spreadsheet (left to right, top to bottom).
Lotus 1-2-3 did have Forward Referencing. Multiplan I, did not and accordingly could not hurt Lotus until MultiPlan II incorporated it.
I had communications from magazine editor(s) who simply had not been aware of LANPAR because it was so far ahead of its time, and 10 years later VisiCalc implemented its spreadsheet on Apple's microcomputer - popularizing spreadsheets at a consumer level. So Yes, Rich Harris got it totally 100% right!!
If you'd like to play with this now be sure to install the beta of the Desktop app as well as the beta of the browser extension.
++dave; 1Password Founder
The "classic" 1Password browser extension already unlocked with the desktop app and does not dump your entire vault into browser memory just to fill one password.
- Jackson Lewis, 1Password Developer
- Ben, 1Password
https://dteare.medium.com/behind-the-scenes-of-1password-for...
++dave; 1Password Founder
- Ben, 1Password
Have you looked into using Sciter instead of Electron? It seems to be considerably more lightweight.
We looked around a bit but Electron worked so well for us when we started development in 2019 that we didn't have a need to continue searching. Electron also has such a strong community and momentum behind it that I'm happy to continue using it.
Sciter looks interesting and so does Tauri. Perhaps one of those will win out next time we do a deep dive here. :) Until then I've been really impressed with how well Electron is working when paired with Rust.
Cheers!
++dave;
++dave; 1Password Founder
The application UX may be great. The sync may be great. The security of the closed source application may be great (because of audits). But this single dark pattern and the condescending attitude of their team members whenever the topic of standalone license comes up are enough to avoid this company. If you can get to the standalone license purchase option within three or four clicks from the main site, do let me know.
I switched out of 1Password to Bitwarden long ago. I will admit that Bitwarden is not fantastic (I find it somewhat slow and also lacking some features). But it doesn't use dark patterns like AgileBits does.
In my mind, Enpass is one that does it correctly. They don't offer a sync service, instead they let you choose from a number of popular ones (OneDrive, Dropbox, iCloud, and a few others), one of which you probably already use. There's no need for yet another cloud service to solve this already solved problem.
Another constraint with using a file sync service is this is introducing a kitchen and egg problem when we lose everything. We first need to restore access to the file sync service to then be able to recover the password file. Which means we can’t use the password manager for the file sync service. Not a deal breaker, as it is what I’m currently doing, but I’ve always wondered how it would go after a catastrophe like losing everything in a home fire.
The bootstrapping problem is an interesting one. Instead of just having a master password for the password manager, you also have to have the file sharing password as well. Like you, I've somewhat accepted this situation.
For the home fire scenario, offsite backups are the answer. When you restore your backup (likely with yet another password involved!), the recent-ish local copy of the password database will be restored with it and you can use the passwords stored in that to bootstrap the syncing process.
My current offsite backup regime is just a pair of portable USB drives. One is at my office, the other is at home, and I rotate them weekly (COVID messed this up). There are many other ways to do this - cloud services, a NAS sitting at a friend's place, external drives in a bank safe deposit box, etc.
Very disappointing.
They still sell and "support" this standalone product. But I use the word "support" in quotes because the standalone license doesn't offer all the features of the subscription product. I resisted switching to the subscription product for many years, but eventually there were many features that were only offered on subscription accounts and I caved and made the switch.
So I just wanted to warn other people that before you buy the Standalone option, you should know that it isn't quite the same 1Password experience as the subscription. There are quite a few significant features missing.
Before subscription software became all the rage, you had to purchase a license for a specific version. You had the right to keep using the version you purchased for as long as it worked, but if you wanted any new features, you had to shell out money again for a new version every few years. Maybe you'd get free bugfixes from time to time, but that was about it.
Now we're all spoiled by the rolling updates funded by the subscription model. We keep asking for the old pricing model, and at the same time want all the new features to be backported perpetually. :)
++dave; 1Password Founder
I personally don't mind that it uses Electron. The app feels snappy to me and it looks like their engineers are making efforts to optimize the experience.
Because if I couldn't access my passes by merely not paying up, that's plain extortion. I didn't read their terms, hopefully someone here can enlighten me.
[0] https://1password.com/sign-up/
- Ben, 1Password
[0] https://support.1password.com/frozen-account/
(And I'm not speaking about the chrome/electrone sandbox, which can be run without SUID on modern systems).
1Password puts in effort where possible to defend against attacks on your local system, so we need the keys currently used as part of the kernel keyring integration to be inaccessible to anything in userspace or otherwise some malware could steal credentials going back/forth to the browser.
The SUID binary helper is unfortunate, but you can blame Linux for that. Our integration makes extensive use of the KEYCTL_CHOWN and KEYCTL_SETPERM syscalls for the reasons stated above, but a process needs the `CAP_SYS_ADMIN` capability to call them (ctrl+f on the man page for capabilities). In the end, we decided that making it SUID was more transparent to users then giving it that capability on install since the former is more visible.
I'm the administrator for my family's account on LastPass and my wife forgot her master password and has now burned the associated email.
The account was unused and empty so nothing was lost but it highlighted to me that account recovery was not smooth or seamless. As an administrator you can't just issue a password reset on their behalf.
If you're testing out these password managers, try a recovery first with a burner account before fully entrusting them with valuable passwords.
The only secret the server ever sees is the secret (device) ID, and that’s by design.
Short answer:
When 1Password creates an encrypted vault, it will make a copy of the key, encrypt it with the public key of another family member (e.g. you) and hold the encrypted result in escrow on 1Password’s servers.
If your wife forgets her master password and chooses to request recovery, a special procedure starts. First, 1Password asks you to confirm that the request is legit. If you confirm, the server will delete and re-create your wife’s account, then send you her new public key and the encrypted escrow key. Your app uses your private key to decrypt it. (Now your app has your wife’s vault key.) Your app re-encrypts it with her new public key, uploads the result and forgets the key. Finally, the server sends your wife her encrypted vault together with the thing your app just did. Now your wife can access her vault again.
Long answer: see 1Password’s security white paper [1].
[1]: https://1password.com/files/1Password-White-Paper.pdf