I understand. I had been a 1PW user for several years when the 1password.com subscription service was launched, and it still took me a year to decide to go with their server based product.
On the 100th episode of the “Random But Memorable” 1Password podcast they discussed 1PW security and stated "We designed the system . . . such that we should be able to take our customer’s database that exists, protected on our servers, and publish it on the web . . . and have the confidence that all the data is safe . . . Now we obviously would never do that . . . “
And 1Password repeats this confidence on their website:
"When we designed the security architecture of 1Password, we had to account for the possibility that some day our servers could be compromised. When well-equipped, determined attackers target password managers, they do it because they believe the prize is worth the effort. After all, why compromise a single person’s data when you can potentially score millions of bounties?
1Password is built so that if attackers were to breach our systems, any vault data they obtain would be effectively useless to them, even if they had all the computing power in the world available to try cracking it open."
No system is perfect but I have no plans to leave 1PW.
Thanks for the info. But i will keep my passwords of the cloud, happy customer with local vault and local sync. System worked, don’t know why they do that not offer anymore. And i have no problem to pay for the subscription.
Performance. If cross platform applications are not tuned and tested, they can be very resource hungry using additional processor, memory and disk access resources. This can lead them to feel bloated/sluggish or to just be bad citizens on the platform by using massive amounts of those resources.
If they are not developed using the tools apple provides to create Mac Apps, they likely will not feel or behave like native apps. This doesn’t sound like much, but one of the benefits Mac apps have had over a long period is that when the majority of apps behave the same way in similar situations, it can be jarring when others don’t, e.g. imagine if you go to save a file and 99% of apps open the Mac Save dialog and the other 1% of apps do their own thing, it’s annoying.
1Password went full corporate customers with version 8. There are several reasons why for me it isn’t a viable option to guard my secrets anymore:
Can’t choose the location of my vault anymore
Using Electron as wrapper which means high battery usage on my Macbook for an app that most of the time is running in the background
broken promises: They went subscription only, which would be ok for me if they didn’t promise not to do it.
Shady business practices:
First they hid the option to buy the “lifetime” version of 7.
Then they hid the cancel button for subs both on mobile and on PC. On mobile the cancel button was not visible without scrolling down but there was no scrolling indicator and the scrollable area was exactly the size of the cancel button. On PC they hid the option to cancel in the 3rd sub menu while having blank areas on the 2 levels above.
Now they suddenly end support for version 7 browser extensions although they sold it some months ago as lifetime version. I don’t mind ending support for a product but not even a full year has passed. It seems like they want to force all 7 users to subscribe.
Now they are collecting user telemetry as an opt in and they already said that there are plans to do it as an opt out.
I could live with Electron, I could live with a sub for something as important as a password manager. What I can’t live with is the big corp behavior. If you look at the company, they aren’t the small neighborhood garage company anymore, they have 570 employees working on a simple password manager and still doing a worse job than Bitwarden or Strongbox, which is a 7 dev app. They want to grow and they want to grow big and they don’t care about the users that made them big.
I’m using Bitwarden and Apple’s password / keychain, both are awesome.
Yes, Bitwarden is Electron too but just the app, which I don’t need because I’m working with the browser plugin all the time.
Yes, Bitwarden is Electron too but just the app, which I don’t need because I’m working with the browser plugin all the time.
Isn’t that the case with 1Password, too? I believe I’ve used the browser extension without having installed the app in the past, but have not tried recently.
1Password is a Rust application that uses Electron for the UI. A 1Password Team Member writes:
“We are indeed using Electron for some elements of the app, but we’re strongly focused on delivering performance as a feature. Using Rust for the heavy lifting has enabled us to do that. I’m signed into 4 accounts and have thousands of items and am sitting at 90.5 MB of memory usage:”
In addition to cross platform support a PW manager can add an extra layer of security. For example if you are a Keychain user your data is only protected by your devices passwords/passcodes.
A thief with my iPhone and my passcode would have full access to my Keychain but not the data in 1Password.