1Password 8 will be electron, subscription only, and no longer support local vaults

I’ve removed all my files and photos and only have about 400 mb on iCloud (Apple Notes, Drafts, etc). I’m tired of playing whack-a-mole with its problems.

Right, tell that to the millions of people without always on web access.

How many people without internet access are using 1Password in the first place?

The key words are “always on”. That describes a reasonable number of people.

If you work in a larger corporation you’ve probably lived in MS Teams for most of the pandemic. MS Teams is an Electron too - for now. I see they are dropping Electron

They even have a KB article on it’s memory usage

Jason Snell had an excellent article about this on Sixcolors and today’s episode of Upgrade was also very good.

I don’t think there’s anyone doing better analysis and discussion of Apple right now than Jason.

I didn’t like everything he had to say, but I think he was right. How often does someone achieve that?

Yes I do have it installed on my iPhone and iPad. There’s no problem at all with sync but I’ve not yet had much occasion to use autofill on the iOS devices (although when I have ued it it’s worked well). (I spend most of my time on my MacBook Pro.)

All in all, I’m very pleased with BitWarden.

Stephen

Thanks for posting this. Correct me if I’m wrong but basically Microsoft has created a better version of electron for their own use. And based on what I’ve read on github it will be coming to Mac and eventually Linux.

I see it that way as well. I put that together in the late 2000’s and people used to tell me the negatives.

I studied medieval German language at the time and it reminded me of the pamphlets against the printed word from the early modern period (ironically they were most often printet:) we were reading in class.
Yes, printing has negatives compared to the medieval tome, but that does not mean they outweigh the positives and are relevant enough to win.

The same with cloud services/streaming and native local processing.
Most people aren’t power usery enough to realise the difference anyway.

Does anyone here see iCloud Keychain as a viable alternative to 1Password? There are no secure notes or customizable fields. There’s also no standalone app. You can, however, use a locked secure note in Notes. Other fields can possibly be stored in Contacts. Shorcuts can simulate an app. Certainly not perfect, but viable? There’s of course no easy way to move en masse all the Pw from one to the other.

The new keychain in Monterey will manage your passwords, provide an authenticator for 2FA, and work with Safari and Microsoft Edge browsers. It will also "Manage iCloud Passwords on Windows”. If that’s all you need the new Keychain should work for you.

If you use other 1Password features such secure notes, storing sensitive documents, Watchtower security, and the ability to work with additional browsers, then you will need to find substitutes for these items or do without them.

I think Keychain will meet nearly all of my needs. However, I do store some secure documents, credentials in 1Password.

Does anyone have a recommended option or best practices for storing secure documents without using a password manager like 1Password?

One of the things I toyed with a while ago was encrypting these documents and then just storing them in Finder, which gets synced via iCloud, Dropbox, OneDrive, etc… You can create an Automator “Quick Action” that encrypts PDFs with your selected phrase.

CleanShot 2021-08-17 at 10.04.111234×764 98 KB

Then it will show up via the right-click “Quick Actions” menu.

CleanShot 2021-08-17 at 10.05.281274×252 56.4 KB

The downside is that you’ll have to enter your password every time you want to view the document, but it is now “system independent”. So you could put it anywhere (Evernote, Dropbox, Bear, etc…)

The very quick answer to a possibly complex question is that an encrypted disk images is probably sufficient for you. When you’re encrypting important data like that though, it’s incredibly important to have a robust backup strategy that includes regular and periodic validation. Very little file corruption is required to render a whole bunch of encrypted data useless.

I agree with @ACautionaryTale concerning disk images.

I created an encrypted sparsebundle on my Mac that I use for temporary and permanent storage of files of a sensitive nature. It stays in Documents and grows to whatever size I need. And because it is a sparsebundle only the modified bands are backed up when things change making it ideal if you choose to sync it via iCloud, etc.

I’m not aware of a way to do this on IOS which is one reason for 1PW.

I am no where near has tech savvy as you guys but I dont see what the big deal is here.

So its Electron. So what? If Electron apps arent as efficient running on the Mac right now, does that mean its going to be this way forever? I doubt it. They will become more efficient.

I hardly venture into the Mac app anyway. Most of life is in the browser. Whether is Chrome or Safari. As is the case I would assume with the vast majority of users in today’s day and age. Same thing with Vaults. Does it truly matter where the Vaults are as long as they are secure in the cloud? I have Dropbox, iCloud accounts in the cloud without ever thinking about them.

There is always the possibility of someone hacking into my iCloud and taking all the pictures of my kids. Risk cannot be avoided. Local vaults can be hacked too. If someone truly wanted your passwords.

I go into 1Password app for secure notes or passport pics. That’s 3 or 4 times a year.

1Password is a solid app with a great extension that works seamlessly across browsers. Cant say that about Keychain.

I’m sorry but the alternatives to 1password are a tier below.

I see two potential issues with the announced changes, both of which are especially pertinent for an app/service in which your keep your most closely guarded secrets and which holds the keys that permit you to access (hopefully) all of your other services and data:

1. Currently, with purchased software and local vaults, I am in no way dependant on the continued existence of Agile Bits, 1Password, or my access to its servers and services for access to my (incredibly important) data.

It is not yet clear to me how the change away from supporting local vaults affects this. Agile Bits has a good track record (in my opinion) in ensuring that my data remains accessible no matter what, so I’m hoping that they’ve taken this into account. Until I’ve done an assessment of their non-local service, I won’t know if they meet my requirements for availability.

2. All other things being equal, an Electron app is by its nature, inherently less secure than a native app. For an app like 1Password, this is of obvious concern.

Whether Agile Bits’ compensating controls and the advantage of faster cross-platform development outweigh the additional risks incurred by developing in Electron remains to be seen, but based on the company’s history, I suspect that those things are probably going to be enough to convince me to remain with them.

There are other issues with Electron (less ideal experience than native), but I’m less concerned with those, as I feel like we’re rapidly moving into a world where native is going to be a thing of the past. Others feel more strongly about that aspect though.

Edit to add: For me this is more than just a personal issue. I’m the head of information security for my organization and I am frequently asked which password manager I recommend for personal use. The answer has always been 1Password, but these changes mean that a re-evaluation is necessary. I suspect that my advice won’t change, but what was once a no-brainer is now more complicated.

@WayneG @ACautionaryTale Thanks for the input. I religiously backup on a rotational, multi-location, multiple external drive basis and I use three backup methods, manual copy/paste of certain folders to external drives, Time Machine, and Backblaze. Plus, all work files are also in Google Drive Enterprise and all personal files are in iCloud. So, insofar as backups are concerned, I’m good.

Would you consider documents that I currently have as notes in 1Password secure if I converted them to PDF, secured each PDF with a PW and store them in iCloud (with all of my backups as described above)?

Regarding Electron apps, I think Jason Snell made some really good points on the latest episode of Upgrade that the fact that Electron apps’ lack of support for Mac automation and accessibility tools and often fail to follow platform conventions (that native apps essentially get for free) is a bigger deal than their memory footprint.

Some years ago my company would receive daily emails from our bank containing password protected PDFs. Windows users needed Adobe software and a password to open the files. One day while troubleshooting an email problem I discovered that Preview on my Mac would open these files without a password. I haven’t trusted Adobe security since that occurred so I cannot offer an opinion.