And you have to type in the “secret key” also, or what is its source, if you open the 1P?
I use a 11-Digit password for logon to my encrypted system and the Keychain.
It has small and large cases, numbers and an special sign. It took several hundred years to get into it with a SuperComputer and a Brute Force attack, and several thousand for an “average hacker” with a rather “normal high-end system”. I am totally fine with that!
If someone took the afford to go into this, he could have all my secrets as a reward…
I also use a special system of a combination of a SingleUse User Name, and a variation of my password, to log on to all services, so I in reality do not need an password manager to log onto my accounts, if I have to do it from a different system than my own ones.
Am I the only one using Apple’s pasword management as a convenience and a regular password manager as a backup? Any new credential or password change goes through Strongbox and then I let Safari update the password.
And you are probably more secure than the vast majority of users. I only say “probably” because I have no idea what actual risks we face today.
IMO one of the risks of shorter passwords is that most people don’t use truly random passwords. I haven’t brute forced any passwords since the 90’s and I did that as an experiment on one of my company’s Windows NT servers.
I have guessed (& observed) the passwords of several of my users to show them how vulnerable they were.
Not normally. Which is an advantage for the majority of users, IMO.
It is interesting to read that, but they are requiring the user to use the Apple Keychain, to protect their secret key, and if I use Keychain to use 1P, I could also use Keychain instead of 1P.
Also they ask the user to print out the Secret Key, and store it “securely”, which means for the most of the user most probably inside the drawer of the desk, and to make it more secure, the lower drawer…
All true. If people use a complex password Keychain is a good place to keep your passwords.
As far as those users who would store critical documents “inside the drawer of the desk” even “the lower drawer”. They are probably more concerned with things like finding a place to store the freeze dried water they purchased for emergencies
I plan to stay with 1PW for the foreseeable future. It has additional features that I depend on.
Ive also been getting annoyed with 1Password. Maybe one of you guys can help me out. When i create a new account for a website, It asks for me to create a password. Where do i find 1Password’s “Password Generator”?
But it doesn’t always trigger the password generator, which means I have to show the password in Apple Password, copy it, and then put it into 1Password.
It’s things like this that make me want to move away, it just doesn’t seem to work every time.
Question
Should it also pop up for apps that need a new password??
Whether it pops up for apps depends on whether the app has implemented support for password managers in that form. Inside an app, password managers only exist as a system integration the app can use if coded right.
As for 1PW not prompting you to create and save new accounts in the browser, I’m not sure. I’ve occasionally found the Safari extension to flake out; restarting Safari fixes that. Understandably frustrating.
Has anyone ditched 1assword for the new and improved Apple keychain? If so I’d love to see a review comparing the two, and the migration process.
I’ve lost my once strong allegiance to 1P over the last year or two, and the last month has been the final straw. The IOS app is broken and won’t function with face recognition or touch ID. So when I need a password I have to enter my 1P pw twice. This started with IOS 16.1 (a month ago) and hasn’t been dealt with by the developers yet. This is just the last straw… I have other complaints relating to usability.
Basically, I don’t need to be spending time working to get my password manager to do its job. I just want it to sync, autofill, and generate passwords (and remember them) when I create a new login. IOW, the essentials, as simply as possible and without getting in the way. 1P has lost sight of its mission and has become a headache to deal with.
I also despise being forced into the subscription system after having paid for their version upgrades through the years. I think it’s time for us to part ways. I’d gladly give up complexity for simplicity and fewer features as long as there aren’t any huge holes left unfilled.
My employer has just started a roll out of 1Password. I’m not going to comment on it as I’m only in the pilot phase for “power users” don’t really have anything to say. We’re only rolling it out because of needing team vaults (and also because in exploring how people are saving their passwords, we’ve discovered that one member of staff keeps them on post-it notes, and one member of staff emails their passwords to themselves - both are on Macs. Don’t assume people are being sensible with their passwords, or even that they’re even using Apple’s software that is specifically designed to make life easier…)
What I am going to comment on is Apple’s keychain, which I’ve used since they released it and I do think is great. Over the years I’ve only had two problems with it, one of which is flagged elsewhere in this thread: it does not play nicely with non-Apple browsers. (I.e. I use Firefox sometimes and the keychain doesn’t offer to fill in passwords) That’s annoying.
The second issue may not be unique to Keychain. I have access to I think 6 different Google logins. If I need to look one of them up for something (e.g. when I was doing an in-app login via a Google account yesterday), searching in passwords for a Google login is useless, because it searches for the appearance of the word “google”, which is everywhere in keychain as I use a gmail account for many website logins. If I search for “Google” in passwords, clearly (to me anyway) I want a list of the Google websites that have passwords saved, not my own email address across hundreds of sites…
Incidentally @SteveU75, to confirm what @cornchip said, apps prompting the password manager is app specific as far as I can tell and a failing of the app developer not the password manager. The app I was starting a new “instance” for yesterday is very well-known and yet didn’t prompt either password manager on my device (keychain or 1Password) to populate the login.
Yes, I followed these instructions by Simon Støvring, which worked well. I also used this shortcut (an update to the one that Simon references) to recreate the experience of being able to open my passwords in an app, both on the Mac and iOS.
Personally I wasn’t especially upset by the move to 1Password 8, but Apple Keychain has now developed to the point where it meets my needs. It isn’t as flexible as 1PW in some respects, and I prefer the 1PW UI in the app itself, but for me that is outweighed by the deeper system integration, especially in Safari. In reality I don’t spend that much time in my password app if it presents my passwords for me at the time that I need them. I would obviously feel differently if Safari was not my main browser.
The process of moving over needed some thought (as Simon outlines) and it took me a few days to complete the transition. I kept my 1PW subscription for a while until I made sure that the transition went smoothly. Having heard John Siracusa speak on ATP about his difficulties with two factor codes I was worried about how well these would move over, but that has actually been flawless.
The main limitation for me has been that Keychain requires every item to have a URL, username and password; and not everything that I need to save has all three. You can work round this to an extent: for example I have put my email address as the username when in reality I don’t actually have one. Even so, there are some items that I have had to put in a secure Apple Note that were previously just in 1PW. This isn’t a big deal for me, but it might be for other people.
I actually think that 1PW is a solid product, but my experience has been that Keychain should now meet the needs of most people who are primarily Apple and Safari users.
This is also happening with 1password 7 still. I was wondering whether to update to 1password 8 to get around it, but it looks like that doesn’t work reliably either.
Yea, sites can set it up in a way that makes it more complicated, for sure. Of course, if someone swipes your device and has immediate access to your email, that’s a really bad thing if they know what they’re doing.
What I meant was simply about the desire for “automatic login.” The example screenshots above show that even when 1Password is working properly, you still have some extra taps to get logged in. Automatic login can happen on desktop browsers with password managers but is not allowed on iOS.
1Password 8 has been working fine for me since release. I don’t notice it being any more difficult to use than version 7 was.
- both are on Macs. Don’t assume people are being sensible with their passwords, or even that they’re even using Apple’s software that is specifically designed to make life easier…)
