I've used 1Password for the better part of a decade, but I've slowly been weaning off of it. I'm in the Apple ecosystem, and have switched to using keychain for all my passwords.
I was pretty unhappy when 1Password switched to a subscription model, which is partially why I chose to leave.
1Password's mobile experience also isn't great, especially when compared to iOS's native keychain syncing abilities.
All in all, I'm fairly bearish on 1Password for the personal use case. If you're not in the Apple ecosystem, Google has similar capabilities. If you want to be agnostic, then there are free alternatives as well.
I'm sure those are valid use cases. It's just not something I've ever needed in 10 years of 1PW. Keychain covers passwords and credit cards, which are all I need it for.
The linked thread about their security for app icons displayed on your password list is fascinating, and is a perfect example for people (on forums like HN) who routinely go "why does service XYZ need more than 10 engineers?!"
If I'm the CTO/CIO of a company that spends millions on security, I want to use an app which places this much attention to detail over such seemingly minor aspects vs something a couple bucks cheaper.
Based on his description, I'm not seeing the "zero-knowledge" mechanism. As described, 1Password (or a hacker on their server) would still be able to associate site-to-IP.
The cryptographically generated one-time URLs he mentioned would only prevent a MITM from knowing which what's being requested. The icon server still needs to know which site's icon to send to the requester.
Additionally, it appears 1Password falls back to fetching a site's favicon if they don't have an icon. So it would seem it's only leaking this info to 1Password so that it can fetch higher quality icons.
Unless I've missed something, this sacrifices security for aesthetics.
The enterprise expansion of 1Password seemed like a natural evolution for 1Password. If you build your entire product extensively focused on a single quality you'll naturally end up with something of a platform. I wrote more about it here specifically taking 1Password as an example https://aditya.rs/2022/02/08/qualities-and-business-models/#...
7 comments
[ 2.9 ms ] story [ 29.2 ms ] threadI was pretty unhappy when 1Password switched to a subscription model, which is partially why I chose to leave.
1Password's mobile experience also isn't great, especially when compared to iOS's native keychain syncing abilities.
All in all, I'm fairly bearish on 1Password for the personal use case. If you're not in the Apple ecosystem, Google has similar capabilities. If you want to be agnostic, then there are free alternatives as well.
What about identity information or other documents you would not want to store unencrypted, but also need ready access to?
What about shared vault behavior in 1pw? Even if Apple offered this, it seems unlikely to be built for share outside their ecosystem.
If I'm the CTO/CIO of a company that spends millions on security, I want to use an app which places this much attention to detail over such seemingly minor aspects vs something a couple bucks cheaper.
Based on his description, I'm not seeing the "zero-knowledge" mechanism. As described, 1Password (or a hacker on their server) would still be able to associate site-to-IP.
The cryptographically generated one-time URLs he mentioned would only prevent a MITM from knowing which what's being requested. The icon server still needs to know which site's icon to send to the requester.
Additionally, it appears 1Password falls back to fetching a site's favicon if they don't have an icon. So it would seem it's only leaking this info to 1Password so that it can fetch higher quality icons.
Unless I've missed something, this sacrifices security for aesthetics.
The thread referenced: https://twitter.com/mitchchn/status/1484225379854426114
EDIT: Yeah, this is not the "zero-knowledge" service implied: https://support.1password.com/rich-icons-privacy/