Well, they never switched their name to 2Passwords when that became more appropriate … Master Password plus Secret Key equals two passwords to my way of thinking!
3 Likes
What like Apple Power User? 
1 Like
Honestly, I was fed up with 1Password because of the reasons above, so I tried Strongbox which I liked a lot but because of two Keepass downsides I couldn’t live with I settled with Apples Passwords and Bitwarden.
IMHO for most people Apples solution is the easiest. Yes. You don’t have fancy notes. But then you could just use Apple notes and lock them with a password. Or use Apple keychain and put notes there.
And with Apple and Microsoft and Google implementing passkeys password managers will be obsolete. Lets be honest, statistically most people use weak passwords. Look at the studies about most used passwords.
The most used password in 2022 was “password”.
Most people don’t use a password manager, they are using simple like this or their name or their birthdate. Passwords are inconvenient. Even with password managers.
Yes and if I give the keys to my house to a thief he can enter my house. Use a complicated passcode and don’t use it in a public place. Use faceID and fingerprint instead.
A thief with your masterpassword to 1Password has full access to everything. It’s the same.
Looks like there is also a Strongbox Zero
https://strongbox.reamaze.com/articles/what-is-strongbox-zero
Also 1P are now providing devs with an easy implementation
Most people will never use a complicated password and many seem to spend a great part of their waking hours with their phone in their hand. So that’s not likely to be widely accepted solution.
TouchID was a much more secure method. I use to unlock my iPhone while it was still in my pocket or resting in a cup holder in my card. I’ve been tempted to switch to a Pixel phone just for the fingerprint reader.
The only way a thief could get my 1PW password would be to threaten me physically. And it would take some time for him to write down 30 characters and then verify it. Not the same, not even close.
Keylogger. While malware still is uncommon on Mac, the new thing are hardware keyloggers. Plug your Mac or your iPhone into a public USB hub and there is a chance that it is hijacked by a small USB device and can read anything you type.
You can even legally buy this cable.
You’re right, TouchID was awesome. Aren’t there rumors that they want to bring it back under the screen?
I agree. Most people would never use a complicated passcode. Or password. Or master password. There are even people who loose their master password and loose access to their vault.
I think passkeys making passwords obsolete is a good thing.
Granted, that would be one way for someone to get my 1PW password. If I visited sketchy sites or downloaded a malware infected file. But my MBA never leaves home and my iPhone doesn’t hookup with strangers 
To open 1PW I need my password and my secret key. And I only enter my 32 character secret key when I visit 1password.com to turn Travel Mode on or off. (Can a keylogger capture information entered automatically by a password manager? I need to look into that.)
I wear an Apple Watch because I prefer to leave my phone in my pocket. I never lay it on the table during meals, etc. out of respect for others, but also for security. In fact if Siri wouldn’t require me to manually unlock my phone, when I’m wearing my AW and AirPods Pro, there are days when it would never leave my pocket. I do what I can to remain secure.
1 Like
A software keylogger isn’t able to intercept the master password entry (uses SecureField which doesn’t generate keystroke events.) Password fills use the AutoFill API that doesn’t expose them to the clipboard. 1Password communication with the browser extensions are protected.
Where you potentially expose data: TOTP codes (no autofill API for those, so they use clipboards), and any time you manually copy a password out of 1Password. Hopefully Secure Paste is brought to macOS soon.
I can’t think of a pure software defense against hardware keyloggers.
2 Likes
If you’re using your own cable and a USB data blocker like this, it can help to mitigate juice jacking if you have to charge using a public port.
1 Like
People will complain that they aren’t as performant as native apps but I think in most cases people with that complain spend all day staring at iStat menus and are upset if anything causes the computer to work.
What you will miss is access to somethings the OS provides. Biggest thing I notice in electron apps is when I right click there isn’t the services menu available to me nor the share sheet
With all that said how often are you really working in your password manager. It’s really more of a political stance people take against it in the same way some people here avow to never use subscription software. 1Password has become the latest rallying cry. IMO 1Password is best in class and every thread that pops up no one has a better solution than 1Password to suggest.
Bottom line if 1Password is working for you don’t feel the need you need to go out there and look for a new password manager.
2 Likes
Unless of course you frequent here and that applies to nearly every class of software
2 Likes
Or they have a computer with limited resources. Not everyone has the latest and greatest, many people are still on Intel Macs.
given all the security issues presented here you would think that 75-90% of all iPhone users would have their phones and/or identity hacked at least once every few weeks. In a few weeks I will be celebrating the 15th anniversary of my first iPhone. Never hacked in all that time.
So, either I am an extremely lucky outsider, OR - these events are extremely rare.
Fortunately for all of us, I believe it is the latter. So pick a pw manager that works for you, use some basic, common security awareness, and get on with your life. And maybe worry about rare events a little less? 
4 Likes
Not sure if there is a typo in there or not but that made me laugh!
1 Like
To your knowledge. Many, many hacks go unnoticed for years, or even for ever
I think Apple does a good job on security but they’ve already had to deal with 120+ vulnerabilities this year. And this morning I read this.
Apple issues emergency patches for three new zero day vulnerabilities
1 Like
As always, security events are a “when will they happen” rather then a “will they happen”
Prepare for the worst, hope for the best
1 Like
It was intentional.
1 Like
I’m on a late 2013 iMac and electron apps don’t cause it to go to a stand still.
I get the argument of why it is better to be native but the fear mongering around electron apps has become ridiculous.
2 Likes