This is the classic trade-off between security and convenience and you get to decide where you personally come down on that continuum. And so do I.
I don't agree with your trade-off, but fine.
My point is more that MOST PEOPLE should never use more than 30 minutes a month using the actual 1Password Electron app.
Because the Mac app is SO MUCH MORE INSECURE than the browser extension…
Only if you don't want to use TouchID etc.
I'm not talking about logging in, I'm talking about bugs. If the browser extension is buggy it has a smaller attack surface. And touch id is a convenience feature - it doesn't add security compared to using the password.
To use the browser extensions or not is a question that I've been considering for a longish time and I don't think the answer is especially obvious on the Mac. It comes down to the question of whether it's more likely that I have something malicious running on my system that has access to my clipboard (I don't have any evidence to that effect, but I'm not naive enough to think that it's impossible) or that a web page can trick a password manager's browser extension into providing information that it should not provide (this has happened in the past).
When making recommendations to others this risk calculation is further complicated by the likelihood that the convenience of using extensions would increase the likelihood that a given user would continue to use the password manager vs just giving up on it and resorting to poor password management practices (like using the same or similar passwords everywhere).
Personally, I still copy/paste, but usually recommend to others that they use the extension, unless they're someone who I feel is willing to make a risk based decision. I would be much happier if Apple were to introduce a little notification into macOS that tells me when an app has accessed the clipboard as they did in i(Pad)OS (and even happier if clipboard access could be restricted by app).
I don't think anyone is wrong or right for using/not using the extensions, but I do think that people who deviate from the recommended path (to use the extensions) should do so only if they consider the risks of both options.
I agree! TouchID doesn't replace the password and no cryptographic material is derived from its use. If it encourages the use of the password manager and if the convenience of it encourages the use of a stronger master password, then its use probably increases overall security.
At work, we are in the app several times a day for information that wouldn't autofill in a browser. (This is not commentary on anyone who does differently!) Each interaction with the app is brief, but it makes a difference to me and to my coworkers that they're predictably pleasant. I also think that dysfunction in the desktop client's development would spill into the browser integrations and other products. Everything AgileBits does needs to be pretty good or better if they're to deliver a great product to any one platform consistently.
@WayneG that TechMeme interview was pretty candid (like so many AgileBits communications; it's a good trait for a company's employees to have.)
One interesting bit re: Electron is regarding their limited ability to deliver multiple codebases to high standards. Initially, their plan was to unify their codebase in the Apple ecosystem with Swift UI, instead of across desktops with a Mac-Win-Linux client. However, they couldn't because they have too many customers who can't upgrade macOS to the versions a good Swift UI implementation would have required. So they went with the approach we've been discussing and are doing standalone codebases for iOS/iPadOS, and Android.
Also appreciated the candid confirmation that shoring up the Windows client was important to them, as was meeting more business needs. I personally don't think this means they are abandoning individuals and families, but the priority order is clearly there.
Also, the brief discussion of health data secure note type, coupled with their increasing access and capacity for partners and integration, was tantalizing…
I'm totally elitist, but more in that old-timey Unix user kind of way, so elitist, but also kind of shabby
Lol, same.
I'm not talking about bugs or logging in - if you want to have integration so touch id works then the background 1Password has to be running to use the browser add in.
Just because a product may be targeted toward businesses that isn't a bad thing.
In 2001 - 2002 I moved my company's email from MS Exchange 5.5 to a Unix based system because Exchange was unable to handle our inbound volume (1 million+ messages/month - almost all unwanted). The system I chose was designed for ISPs, like Verizon. It was priced in tiers up to 30,000 users, then jumped to unlimited. We only needed a license for 250 users but I never had a single problem with the software in the 16 years prior to my retirement.
That's a good point. I can think of more than a few cases where the polish required to satisfy enterprise made retail/personal use, or small company use, good.
The daemon, yes. But that can't be written in Electron, that would be ridiculous. In fact I think it's Rust.
Wanting good quality and best in class apps is not elitist. Electron apps are significantly memory and CPU intensive compared to native apps, this matters especially if you're running an older Mac which isn't blessed with lots of headroom (like myself). As Jason Snell said, whilst the team at 1Password will say that the Mac is important to them (and they did), their actions say otherwise and actions speak louder than words.
None of this is Elitist, it's wanting the best experience from what in the past was a standard bearer for Mac Development.
I think the sweeping generalisation there doesn't help.
Each app should be taken on its own merits. The difference between 7 & 8 in terms of memory footprint isn't that much, as I noted earlier on.
Neither does CPU use seem to be majorly different either.
Shouting Electron is evil as default starting point to my mind does no one any favours, and is on a par with writing M$ back in the day for pure laziness.
The worst offender for mem and cpu usage / slowdowns for me is BBEdit which is held up as a stellar native mac app, so everyone's experience is different.
Use it, take metrics and see for yourself - then pick it apart if you see need.
This is what I'm talking about.
By and large all I hear about in the Apple fandom is automatically dismissing something outright because it's Electron without even trying.
It's an awful look and incredibly close-minded.
I run several well run Electron apps on my M1 Mac Mini; VS Code, Obsidian, Postman, Roam, and Gluon.
Only one of these hogs resources, Roam, and I can have them all open with several Code windows open, as well as a bunch of native apps.
True, not everyone has that luxury but automatically lumping all web apps, Electron apps in the same category is shortsighted.
I'm not sure that the past is an accurate measure of how to proceed in the future.
I didn't come to the Mac in the 80s and 90s; there was no way in he':ice_hockey: we could afford one of those, legitimately ever.
In college I played around with a Mac and didn't see the appeal. But in 2011 when visiting an Apple Store with a friend that's when I knew I wanted one. Couldn't afford it but still wanted one.
I came to iOS and then the Mac in 2013/2014. I don't have the nostalgia you do for this platform.
Things move, there is progress. It's just how it is.
If Apple wants to keep its advantage, and with these M1s they seem primed to do just that, make building PWAs better, make the platform easier to build for, today not 10-15 years ago.
No, it isn't. But native apps are going the way of floppy drives as everything continues to move to the cloud. In 2009 I replaced 60 Windows PCs with iMacs. By 2018 all of them could have been replaced with ChromeOS.
Around 1985 Sun Microsystems coined the phrase "The Network is the Computer". They were a few decades early with that statement but today it is true.
I don't really care all that much about Electron.
I see 1Password in my view simply becoming an annoying app.
We used to have the ability to have it unlocked all day meaning access was easy. When I'm at home …I trust everyone living here. I should be the one that decides on the behavior of my app.
Then Watch Tower came with its blaring red alerts that I still haven't figured out how to go away. I get it my password is weak …so what I don't have my credit card information tied to every login.
Local vaults are important. There are just some things you don't want leaving your home network.
Agile decisions have benefitted agile more than the comfort zone of mutual benefaction. Great software has to be great without the micro annoyances.
The only way I can truly voice my dissatisfaction is with my money. I just don't think I'm going to stomach paying $60 a year for an application that annoys me beyond the threshold I've set for subscription software.
I think people are really bad at predicting technology's future (NOT looking specifically at you @WayneG ). We'll continue to do what we can when we can do it. We can do things now that we couldn't do in 2009 or even 2018. To some it looks like we're running into obstacles to computer advancement. I'm no seer either, but I'm sure advancement will continue, just in ways we can't imagine today.
I don't disagree. The first computer I ever saw was the university mainframe that read our punch cards and printed out our results on continuous form paper. The teletypes were replaced by dumb terminals, then came pcs, and the mainframes were replaced by servers. Which are now being replaced by "mainframes" in the cloud . . .
I don't try to predict technology. At most I'm an observer that thinks he has noticed a pattern that is repeating. If the iPhone 23 is a thin client I'll know for sure.