Am I the only one in here who loves their hosted solutions? We use Teams at work and I use Family for my wife and I.<p>It's important to me that I have access to certain passwords on my desktop, laptop and phone. These items also need to be accessible to others who should be able to view/edit. There's no way to do with without some sort of cloud solution and so the decision becomes which cloud solution. I used to use Dropbox, but now have no need with Team/Family.<p>With teams, when a staff member leaves, we can easily remove them from the admin panel, update all passwords in all vaults they had access to and have those changes immediately available to everyone.<p>A lot of responses here sound incredibly paranoid and almost naive. If you're not syncing passwords between devices/users and you're not putting your information into the cloud then I would argue at some point you may be performing insecure actions to accommodate secrets use/management.<p>For example, how are you logging in on your phone to a service that requires a user name and password when the password lives only in a standalone system on your desktop? If you're not manually entering the password, you're likely doing something security-wise that isn't ideal.
Ugh. Agilebits left out until the very end that this is only for their hosted solution.<p>No surprise but looks like standalone users are left out in the cold. Again.<p>Much as I like and use 1Password every day, I really really do not like the fact that they moved to a hosted model.
> 1Password X was designed for our hosted 1Password service and connects directly to your account.<p>Agilebits/1Passwords continued shoving of their 'hosted' services down their customer's throats amazes me. I'm not even particularly against SaaS/cloud/hosted/subscription/whatever, except a password manager is exactly the type of product that I do not want in that type of environment. Is it really impossible to have a successful software business without this BS? I guess I am in the minority but I would much rather you charge me more for the software or charge me for the upgrades, than push me into your hosted cloud-subscription stuff.<p>Agilebits/1Password was by far the best product out there, with astonishing goodwill amongst their customer base, which they have managed to lose, not to competitors or outside forces, but rather by incinerating it themselves.
"1Password X was designed for our hosted 1Password service and connects directly to your account."<p>Nope, sorry. No. Never. I'd rather change password managers than rely on a small, niche company to keep the data secure and in sync -- larger players have a much bigger advantage here.<p>I can see a future coming when I'll only use 1Password on my phone, and have things stored on a secure enclave. It will be slightly more of a pain to use it on a desktop, but most browsers and operating systems are building their own simplified (and arguably more secure) password vaults...
Former LastPass employee here. Looks to me like 1Password is going full LastPass. First fully hosted passwords. Now support for extension only (which is way worse security wise).<p>SaaS margins and recurring revenue is better, and I guess their previous model was killing 1Password.
I have used 1Password for half a decade, but I'm pretty disgusted by agilebits behavior as they continue to shove non-cloud users aside. The amount of customer goodwill they've burned is astounding. I think it's time to start looking elsewhere for a password manager solution.
Was excited to read "Linux users and Chrome OS users could join in on the fun?" but then ". It works everywhere Chrome works" so still no love for Firefox users... Too bad the CLI is possibly the worse CLI ever made, otherwise Firefox support wouldn't have been so important.
In-browser password managers are completely insecure by design.<p>Any site can write whatever they want within the page, so it's easy to fake the prompt and steal the password. The only way to prevent this is if the password manager runs as a standalone application, so that the password is entered outside the browser. 1password has this, and the workflow is fine --- switching to the insecure one makes no sense.
The cloud storage they are pushing everyone to annoys me. I feel like it's just a matter of time before i will switch to something else.<p>Also, does the average person really need a $3/month subscription even though they could just store the few KB/MB of data in their iCloud/Dropbox/whatever for free? No they don't, but they probably won't realise that anyway. To me it feels like they are trying to fool people.<p>A 5 year subscription would cost you $3 * 12 * 5= $180
Who would ever buy 1Password software & upgrades for $180 in 5 years?<p>Even though $3 a month <i>feels</i> like a small amount, it isn't.
There is a segment of your users that still want the original 'on-prem' version that you started out with.<p>These nerds have money and understand you want a sustainable business model. Just charge these people an annual software maintenance fee and stop neglecting the standalone version. Yes it wont satisfy everyone, but it will stop all the negative PR that comes out whenever you do something that is artificially cloud only.
I find myself wondering if keepass is going to introduce a new vault type of small individual files in a directory and move into where 1Password used to be (including "cloud" using any of many cloud storage options).<p>edit: Seems to me that even if you set a fixed file size of 1-2k for each entry it wouldn't be too huge, or perhaps a dual-file per entry system with one small fixed-size file (128-256 bytes?) for indexed info (URL, name, username), etc. and a second fixed at multiples (or powers) of 1KB for added data (actual passwords, password history, notes, etc.) you could mostly avoid disclosing information even about URL lengths, etc. You could probably reasonably obscure a lot by doubling the larger file's size as the minimum increment and for most scenarios the file size would still be pretty trivial by modern networking/storage standards. Would stink for binary storage or images, etc. but there are different solutions available for that.
Ouch! I just switched to Firefox 57 and I can't use this new feature! Shouldn't the WebExtension be portable across both browsers with minimal work with Firefox 57?
Chrome only makes this effectively useless. Considering that the entire browser market is moving to a largely unified web extension format this is not that impressive. "Everywhere Chrome works" is simply repeating the mistakes of the past, but with Chrome now instead of IE.
s/the browser/Chrome<p>Hey 1Password, make this available for Firefox too. It should be relatively easy to port with WebExtensions API, since it looks like a toolbar popup.
I purchased the standalone Mac 1Password app, but moved back to LastPass.<p>I <i>hate</i> LastPass, and want to use 1P but LP just seems to work better. Despite being bloated and ugly.<p>Admittedly, I haven't tried 1P for around a year now. So as I have a license, I have been tempted to go back. Is it worth it?<p>My biggest gripe is in Chrome on iOS. Nothing <i>ever</i> seems to be able to autofill correctly and the UX is just horrible...<p>1. Tap Menu Button<p>2. Tap Share Button<p>3. Tap LastPass<p>4. Authorise Touch ID<p>5. Select Password<p>6. Autofill fails... Go back to 1. (Then hold to copy the password instead of fill)
Hi, big fan of hosted 1Password here!<p>I'm just curious, in the blog post you guys mentioned it autofills two-factor codes. I just tried using the extension on Postmark, and it didn't recognise the input field for my code. What heuristics are you using to determine the code input? As a front end developer myself, is there an autocomplete attribute for instance I could add that would help?
Too little and too late. It took then <i>years</i> to finally announce (partial) Linux support. By this time most multiplatform users like myself tired of waiting and switched to other password managers like LastPass.
As a long-time happy customer of 1Password I have quite a bit of a problem with them pushing their new hosted product. If you want to offer that as an alternative by all means do but don't make it the only long-term option.<p>I would have no problem with paying a monthly fee or paying for every major version (as I have done in the past when applicable) but I think for this use case being able to choose where to host your data - or to not host it at all - is much more justified than it arguably already is with SaaS products in other areas.<p>1Password certainly know their cryptography but do they also know how to secure servers and networks? I must say I trust Apple or Dropbox a lot more on this matter.<p>In general, the tendency to build and provide every aspect of a service is bothering me. Otherwise known as the Not-invented-here syndrome, which we largely thought to have overcome with the Internet and the age of hosted software, particularly Web 2.0 kind of SaaS offerings, this development amounts to tight coupling and agglomeration of features that are secondary to the benefit of the actual product at hand:<p>Why does every application apparently have to provide these features:<p>- file hosting and serving<p>- calendaring and event notification<p>- messaging<p>- PDF export<p>- and most famously: Email ("Every program attempts to expand until it can read mail.")<p>Why is it so hard to provide just the core features of your product and use other products and services by providers specialising in those to implement ancillary features required for building a product or service?<p>We still have to go a long way in terms of connecting with and building upon other services, one particularly preposterous example of which I recently encountered with a supply chain management process where a company used two perfectly fine - if slightly aging - applications to keep track of different but related data sets. In order to exchange data between these applications a PDF containing the relevant data is exported from application A, sent via email and finally manually entered into application B again.<p>The waste created by processes like this never ceases to amaze me.
I’ve been using 1Password for years, mainly because the data stays local. If they decide to go full cloud-mode I’m switching to something else or just write my own cli password manager.
Reading some comments, I feel like I may be the only one here: happy, paying customer. Had the standalone Mac and iOS clients, migrated to the Family plan when it was announced. Couldn't be happier. I really, really am. Love the 1Password.com client which displays all it usefulness on a guest computer. Can't wait to try out 1Password X, but unfortunately I've switched to Firefox recently :(
Agile Keychain - 41.9 MB<p>Created Wednesday, September 2, 2009 at 5:15 PM<p>Modified Tuesday, November 14, 2017 at 10:02 PM<p>I really don't like the idea of ever putting all my passwords on a server that requires Agilebits to run it. You guys are a dev shop. Let users keep their passwords themselves and keep the stand-alone version (and extensions for it!) going with simple version upgrade fees.
Anyone else having issues adding a second account? I goto chrome://extensions/ click on 1Password X "options" > + Add an acct. I then get prompted to login to my 1st account, have no option to add a second account.
It targets Linux users, but is Chrome-only (and not Firefox support?).<p>That's a really really odd, step to take, especially considering both browsers use pretty much the same extensions API.
Shout out for Avast Passwords. Already does much of this for free. 1Password and LastPass always really annoyed me with their freemium model. Avast Passwords doesn't make you decide between controlling your passwords and paying for basic features. Highly recommend checking it out: <a href="https://www.avast.com/en-us/passwords" rel="nofollow">https://www.avast.com/en-us/passwords</a>