Ongoing and related: <i>1Password for Mac Moving to Electron</i> - <a href="https://news.ycombinator.com/item?id=28143563" rel="nofollow">https://news.ycombinator.com/item?id=28143563</a><p>Recent and related: <i>1password is considering a self-hosted option to store vaults</i> - <a href="https://news.ycombinator.com/item?id=28104134" rel="nofollow">https://news.ycombinator.com/item?id=28104134</a> - Aug 2021 (215 comments)
I guess I’m the outlier in being very happy with 1Password and fine with paying for the subscription service. Not only is 1Password the best password manager I’ve used, but it makes it seamless to share stuff with my wife. I don’t care if 8 is an Electron app either, considering I usually interact with it via the browser anyway with their extension. (Also I know that the majority of what they wrote for it is Rust and fast, and I generally trust the engineers to do a good job since they’ve done a good job with it in the past) Also they make a CLI tool for accessing passwords allowing you to integrate password management there: <a href="https://1password.com/downloads/command-line/" rel="nofollow">https://1password.com/downloads/command-line/</a>
I am a 1PW subscription user and am happy with the product (however, seeing they are moving to Electron means that is very subject to change...)<p><i>but</i><p>Saying that "customers voted with their wallet" and chose subscriptions is disingenous<p>Ever since they've had subscriptions they've made the standalone license page extremely difficult to find on their site. They really didn't give regular users a "choice"- they dark-patterned them into thinking subscriptions were the only option<p>As forthcoming / down-to-earth as these posts from the company seem- they are full of spin. Their impossible-to-find standalone license page is a topic they seem to be avoiding.<p>Edit to add this small addendum: It just really bothers me on an emotional level to constantly run into this juxtaposition as a user of software/hardware: <i>liking a product but being extremely disappointed in the company offering it.</i>
I haven't had a single bad experience with Bitwarden. I even pay for it now and still run it locally just to support them. Highly recommended if you don't want to be forced into 1Password's service.
1Password used to be native on the Mac, and now it's an Electron app. I'm not going to be using 1Password for this reason, and I encourage you to do the same.<p>Subscription business models and non-native apps are hallmarks of rot by VCs. Dump them!
I love 1Password but the subscription-only path doesn't sit well with me. They're intentionally removing key features so they can justify providing a service that I can do myself.<p>I'm increasingly sick of good standalone software suddenly moving to this model. They are a business, I get it.<p>However how many subscriptions are we going to have to end up with?<p>I get it with Slack, Dropbox, Github, etc as they all started with infrastructure to run. But 1Password (and Adobe and others) are pushing profits far far above their users. It's a shame.
Well this is the end of the road for me with 1password. I refuse to use anything that doesn't have a local vault. The potential damage if my vault is somehow is accessed is too high, if the vault is stored in the cloud, how can I verify that no one can access it? In that case I have to give access to this app with little snitch since it relies on internet access which means that if I received an update that would disable end to end encryption, I would be none the wiser.<p>Granted, the chance of attack is small but the consequences are extreme. There's no single file more valuable on my computer than my password vault.<p>I prefered buying the license compared to the subscription but I don't particularly mind a subscription for a service I use regularly. I mind the risk to my privacy.
Scott Forstall, who led iOS until 2012 and oversaw the creation of the App Store, once said that he installed a new app every day to see what new ideas developers were coming up with.<p>The mass migration of apps to the subscription model has killed this sort of exploration and discovery of new apps. As one example, I recently looked for a flight tracker and many wanted more than $30/yr for a tool that is (to me) an occasional convenience.<p>I worry less about how much I pay to use an app than how much I'm paying when I'm not using the app. It sucks when I'm too busy to use my language learning app and yet somehow I still end up owing the app developer every month. By the time I end up canceling I might have wasted $60 or more, which certainly doesn't motivate me to install the next app that prompts me to subscribe.<p>I don't know the solution to adequately compensate developers for their work but I hope the subscription mania goes away.
Also a stand-alone user since 1pw4. This news finally got me to try pass, the command-line utility.<p><a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a><p>The format is plain text. You can git control your password repo. You can organize into directories, etc.<p>It has an extension architecture; you can have it generate otps, for example. You can have specific passwords unlock with more than 1 key, if you want to do eg. family or business sharing.<p>There are mobile apps, browser plugins. None as smoothly polished as 1pw, but good ENOUGH. There are (imperfect) tools for migrating, but you can write your own scripts.<p>So far (using it for 48 hours) the worst part was setting up a gpg key.
The writing was on the wall when they took VC money[1]. Anyone has a good guide to move to Bitwarden/Lastpass?<p>[1] <a href="https://techcrunch.com/2019/11/14/fourteen-years-after-launching-1password-takes-first-funding-a-200m-series-a/" rel="nofollow">https://techcrunch.com/2019/11/14/fourteen-years-after-launc...</a>
Standalone user for about a decade now. I find this incredibly disappointing.<p>I don’t mind paying a subscription fee if that’s what makes the business work and allows continuous updates.<p>But either they give us a self-hosted option or I’m done with 1password. Keeping my passwords in someone else’s cloud is a red line for me.
Switched to KeePass when they introduced the subscription model. I believe the only app that I tolerate as subscription is Lightroom CC. I want to minimise subscriptions because otherwise it is 5$ here, 10$ there and at the end it can be a surprising amount I have to pay each year.
But yes, for some apps it may be worth it, but for 1Password I found suitable alternatives.
Like many others this feels bad to me. I was previously forced to upgrade to 7 so the Chrome extension worked and as a result purchased (again!) separate Windows and Mac desktop licenses. In trying to navigate the site to find out how to buy a desktop only client I encountered the multiple dark patterns to make this nearly impossible. It is no wonder that “97% of people prefer the subscription” since standalone was basically hidden. I love the product experience 1Password provides, I simply prefer managing my own vault (via Dropbox). Based on feedback here I’m going to evaluate Bitwarden. Sigh.
I appreciate the need for them to do what's right for their business, and that the HN crowd is probably not representative of their broader customer base.<p>With that said, they've lost a customer here. I would prefer not to pay a subscription, but I might have (though if you do the math, I've had paid upgrades frequently enough I'm not sure they'd have made more money off me with a subscription).<p>The sticking point is the lack of local vaults and removing the native app. Very disappointing.<p>The reason I used 1Password to start with and not KeePass was because it was Mac native. It is so deeply depressing to have faster and more efficient computers year-on-year and have all that efficiency wasted by moving to Electron apps. It sounds absurd to say, but there's a real ecological cost to less efficient apps too; it really does add up in aggregate.<p>The lack of local vault is the ultimate deal breaker, not because I think 1Password are untrustworthy, but because I'm reassured that I don't _need_ to trust them in the same way with a local vault as I need to if they're hosting the vault themselves.<p>I think what's most disheartening about this is that the customers who dislike this the most are also likely the customers who've been with them the longest and helped them build their business. I know I've been using 1Password since v2.<p>Given that password management is so central to our daily productivity, jobs, personal lives, I'm not surprised people have some very strong opinions about this. I hope the 1Password management read these threads, but I doubt it.<p>I will stick with 1Password 7 for as long as I'm able.
Damn. This is a huge mistake. I've used 1password for over a decade. I will happily buy an upgrade license. I just don't want another subscription to my credit card. This is rent seeking!<p>Maybe I'll try bitwarden.
I am a big fan of 1password. I was very unhappy with the transition to subscription only, and tried bitwarden. After months of futzing around with it, I went back to 1password.<p>I did so after reviewing their audit results, awhat they documented about their architecture, and after they added great support for Linux. At the end of the day, not everything is a conspiracy - and their model appears to be incredibly secure.<p>I would like the self-hosting option (that like Bitwarden, will still require a subscription), but a big part of what I am doing is sharing credentials with family. 1Password does a great job there.<p>Honestly at the end of the day, everything else is about your value proposition. I didn't know or realize that 1Password had shifted to electron as asserted elsewhere. I guessed that there was a new version given that linux was supported but it made no difference for me. Great for them. Likewise, they are far more secure then me editing a password file. Eventually the market will decide here. If people really care about swift versus javascript, then it will penalize them eventually.<p>That said, people arguing that dashlane and others are better then 1password, given that dashlane has access to your passwords, I can't imagine that this is a choice that makes any sense given the basic requirement of a password manager (keep my passwords safe).<p>--
edited correction - dashlane, not lastpass.
Oh well. I've been a 1password user for maybe a decade. I don't mind paying for a subscription, but they have become increasingly user hostile over time. Pushing the in-browser versions of the product, hiding the steps to enable local vaults, and now removing local vaults entirely.<p>Custody of your secrets is something thing a password manager should move <i>away</i> from, not toward.<p>I moved my data to Bitwarden this morning.
KeeWeb + KeePass + Dropbox gave me everything I needed to emulate 1Password, and I definitely recommend that stack if you're greatly opposed to this 1Password change.<p>That being said, the thing that got me to change was when I tried out 1Password for a month and ran into a few minor accessibility issues on their web frontend. I sent a support ticket and very quickly got a response back, was told those issues would be fixed, and then notified me several days later when they were. Like I'm paying 2.99 a month and still received some amazing support. I use a lot of open source projects, and if I have an issue then I try to upstream a fix because the maintainers are usually volunteers, but I've spread myself thin. 1Password gave me the impression that it's in good shape and has great support which was a burden off my mind.
Anyone have good/bad experience moving from 1Password to Apple' iCloud Keychain?<p>I've recently been using keychain for new accounts, but not sure I wanna bite the bullet and go all in - just need a nudge.
As far as I am concerned, this is a `bait and switch` tactic. It is unethical. And it is a surefire way to shoot oneself in the corporate foot and destroy customer trust.<p>Nobody who values security enough to use a password manager would leave their passwords at the mercy of the next corporate turnabout, when said corporation is evidently untrustworthy.<p>This is the same lizard-brain self-interest unleavened by any shred of higher brain functions that people like Shkreli exhibit: `the suckers have switching costs so let's jack up the price obscenely while reducing the actual customer benefits.` Some people should be kept away from MBA programs.
So ease of access is really the number one driver. Perhaps I'm just old, but I remember when security was never supposed to be easy. When easy, it is taken for granted, and therein lies the failure of security. So essentially this cloud model gives everyone the illusion of security. Probably nothing new, since its all theater at a certain point.<p>This is not to takeaway from all the technical details of 1Ps approach to this, but (once again) in light of what we have seen from the "Trillion $ darling of privacy", enabling scanning of personal content one has to wonder how long before the same is applied by 1P. Remember your vault can store just about anything. I am sure it is only a matter of time before the case is made that we must think of the children.<p>Irony of all this, I'm someone who is paid to migrate customer security to the cloud. Runs counter to my thoughts on the matter, but not those making the financial decisions on all sides. I certainly don't fault 1P for making the prudent financial decision that 95% of their customers have made. As part of the 5% I shall wring as much out of 1P7 as possible and eventually move elsewhere.
I use 1Password, and migrated over to their subscription service some time ago. A password manager seems like the best overall option at this time.<p>However, given they have all the password for many people, how are they not one of the biggest targets in the world? In their old Dropbox model, I understood the security model. In the service model it's moved to "Just Trust Us".<p>Is there anyone who can help me understand how this model is secure?
> This worked well for nearly a decade but by 2013 the cracks were already showing. By then we had client apps for all platforms, with each one requiring their own separate purchase, often across multiple app stores. And paid upgrades to major new versions were so incredibly painful for everyone involved that we rarely had any.<p>I think they are being fairly transparent. Starting in 2013 there old business model stopped making sense. They were selling individual products for each platform, while trying to integrate all platforms at the same time. The natural solution was to move to a subscription model for a unified service. This provides a mutli-platform solution and generates a continuous stream of income.<p>As a consumer, I actually prefer this model for a security app since it means that it will continue to receive regular updates. There is lots of competition in the space of password managers so I am not worried about them increasing the cost of the service to more than a few dollars a month (if they did this I would just switch to another service).
I honestly have 0 problems with this.<p>They’ve gone over and beyond to support old licences far longer than it could be expected, and a password manager is the kind of sensitive and ubiquitous product for which SaS actually makes sense.<p>Anyone remotely involved in anything similar knows it’s a PITA to keep up to date while keeping device compatibility, and the folks at 1P have been doing great work.
This makes sense to me. Lots of other products have head in the same direction over time (e.g. YNAB) for similar reasons.<p>SaaS is familiar to consumers and ultimately a nicer business model for most products. If you support SaaS for new customers, maintaining the old product / pricing model indefinitely eventually stops making sense. At some point you have to make a move like this.<p>It is probably particularly timely to do this because Lastpass recently changed their pricing model (whether deliberately aligned or not). It's no longer possible to use the free plan of Lastpass and use it on both desktop <i>and</i> mobile: you have to pick one or the other. For many use cases this is effectively a requirement to use the paid plan. So now 1password has the opportunity to push legacy users to a paid monthly subscription knowing that some portion who may have switched to Lastpass to avoid a monthly fee now won't be able to do so, and will probably just pay the monthly fee to 1password instead.
What am I missing with these paid/subscription services?<p>I personally use KeepassXC (Linux/Android). It's shared via cloud, I have a keyfile off device so I'm satisfied it's pretty much completely locked down.<p>Is it browser integration? Genuinely have no idea why I'd pay for this, or why I'd trust a company with my passwords especially when it's not local.
I know what 1Password is but haven't used it.<p>Are there advantages of using it over Apple's built in keychain?<p>Would appreciate if someone who has used/uses 1Password could comment on this.
I've been a happy user of the same version of 1Password 6 for many years, the last non-subscription version. It still works on MacOS Big Sur, and the classic extensions work in Firefox and Chrome (though not safari on the mac). When it stops working, I guess I'll have to look elsewhere.
<a href="https://clipperz.is/" rel="nofollow">https://clipperz.is/</a> is so much cooler and free. Best of Luck 1Password.
First Electron and now it is subscription only with no support for local vaults. That is a definitive scam and it turns out I was right again [0], when they added Linux moved to Electron and that was a hint in itself of where 1Password was going. [0] [1]<p>I'd rather use a standalone extension as a password manager than use a heavy Electron app that will run my Macbook to the ground.<p>It is either Bitwarden or Dashlane at this point.<p>[0] <a href="https://news.ycombinator.com/item?id=27194871" rel="nofollow">https://news.ycombinator.com/item?id=27194871</a><p>[1] <a href="https://news.ycombinator.com/item?id=27195834" rel="nofollow">https://news.ycombinator.com/item?id=27195834</a>
I got started with 1Password SaaS based on a work account and added it for my family, so I am not losing anything with this change. I've generally been pleased with the service and its definitely been an upgrade from LastPass in terms of usability and security (no random autofills into hidden forms, no breaches etc...)- that said I'm sad to see this direction. I can't see how this could have been costly to maintain, nor that it would bring them incremental revenue given the backlash and ample competition. Maybe predictable cashflows are worth it, but in principle self-hosting should always be an option.
Got 1Password 6 full license for OSX and loved it. Of course I bought also the Android app. Then switched to an iPhone and bought the app again, peanuts. Then I had to start using again PCs and bough the windows full license for 1P 7.<p>I still use 1P 6 on macOS even though the missing support for Safari sucks (that actually made me switch to Firefox!)<p>My point is, there is literally zero added value with the subscription, it’s like buying cars with loans, in fact by buying full licenses I saved money.<p>I hope that 1P 6 and 7 will last me as long as possible, I don’t see any alternative at the moment. IMHO all other options are less secure and/or less convenient.
As long as 1Password keeps their policy of not selling usage data to 3rd parties like LastPass does, I’ll keep using this service<p>Self hosting would be nice to keep though. Been thinking about setting up a server to hold all that stuff
As others have said, i much prefer to keep my password vault and hosting of it separate.<p>Being forced into a 1P subscription feels like a downgrade to me. I've been a faithful customer for years, and have used iCloud synchronization for years as well. My entire household uses the app (through family sharing).<p>Self hosting it is not an option for me (i know how to, and that's why it's off the table), and purchasing a $5/month subscription feels like it's overpriced for what it delivers. I can get 10 months worth of Family365 subscription for what 1P is asking for a year, and that gives me 6 accounts with 1TB storage each and the entire Office suite.<p>The thing that seems to annoy people the most doesn't bother me one bit though. If it works i don't care if it's electron or not.<p>I'm instead evaulating Secrets[1] as a replacement. It requires a $20 in-app purchase to unlock full functionality, but even with 4 people buying it, it's still only 1,5 years of 1P service. For now i will try to get the kids to use iCloud Keychain instead.<p>As for "what's the rush". 1P7 will receive updates for now, until it doesn't, and at some point an update to MacOS or iOS will make it stop working, at which point i will have lost access to my passwords. I much prefer to be in control of when that happens :)<p>[1] <a href="https://outercorner.com/secrets-ios/" rel="nofollow">https://outercorner.com/secrets-ios/</a>
I feel like Buttercup [1] doesn't get enough attention. Open source, available on all platforms, and has imports from multiple other password managers. If several people offered a small monthly donation for some time, we'd all be in a more competitive situation with password manager companies whose interests drift from our own through time.<p>[1] <a href="https://github.com/buttercup/buttercup-core" rel="nofollow">https://github.com/buttercup/buttercup-core</a>
Apple user for over 20 years. I loved my powerbook 4g and loved the first iPhones. Even though they were not the first mobile nix systems (love for the n770 Nokia tablet with Debian and root!).], I felt empowered being able to hack them easily, getting shells running and recording/analyzing sensor data on them.<p>I feel more and more uncomfortable in the Apple / iOS ecosystem. It’s getting closed down and commodified. Even when there is something cool in terms of tech, they know how to spoil it.<p>Instead of dealing with Pegasus head on and starting to fix the security culture of iOS/Mac, they make our systems less secure (less open and less hackable).<p>I find it sad that there are no viable alternatives for non-tech users. I switched last week to a Librem 14 with Arch Linux, KeepassXC and a pixel 5 running grapheneOS, Miiband 6 with GadgetBridge, a System 76 for work. I honestly love it, there are some hiccups, yet it feels exciting, similar like switching from Microsoft to Apple did 20 years ago.<p>Also moved from programming objective c / swift to rust, elixir and flutter/react. That seems where the innovation happens today for me. As I work in research I have the Privilege to easy switch … we need better alternatives and I feel even stronger about supporting open source and projects and companies that care about it (pine, purism, system76, mozilla, …).
I've been a happy user for over a decade (with a little break in there when I relied on iCloud Keychain), and happily transitioned to the subscription model when it came out. Frankly, it just made more sense - I use it on a ton of different devices, and buying a standalone version for each one cost more than the sub does.<p>I'm also not worried about the Mac app moving to electron - I interact with 1password via my mobile or browser plugin 99% of the time anyway, so I just don't really care.
I have the last non-subscription version on my Mac, PC and phone. They sync through Dropbox.<p>The chrome extensions stopped working a few years ago so I got into the habit of just manually searching, cutting and pasting my passwords, and saving new ones. I don’t even think about it and it’s very easy. Paying $3/month to have it automatically populate the user name and password fields isn’t worth it for me, especially when the browser does this pretty well once you input it the first time.
This is disappointing. I have been using 1Password for a long time. I'm not opposed to the subscription model per-se, particularly for critical software to ensure it is supported.<p>But I don't want or need my passwords in the cloud. I don't want or need it to be an electron app. I want a simple, lightweight, highly secure, with good UX password manager. 1Password used to fit that bill. With each successive change it moves away from that.
Is there a single reason to use 1Password instead of Bitwarden? Bitwarden has a better UI, supports all the same platforms (including browser plugins), lets you easily manage true separation between profiles (unlike 1Password, which essentially forces you to use a single master unlock for say work and personal), and most importantly, lets you self-host. And it's free. 1Password is consumer-hostile and an inferior product.
Keepassxc with Dropbox works good and is super secure!<p>It accepts Yubikey, is open source, has good reputation and is free.<p>But please donate. Developers spend a lot of work on FOSS of all kind.
fuck these guys. seriously.<p>I've been using this product since 3.x. I chose it because I could use a wide variety of syncing solutions. It did what it said on the tin. Gave me a place to store my passwords that was secure.<p>I was a happy user buying upgrades whenever they came out until 7.x where it took me over an hour to figure out how to buy the non-subscription/cloud version and instead find the link for the standalone version.<p>I paid for versions that I honestly didn't have any features I cared about simply because it kept doing what I wanted it to do.<p>Gone are the days when you can buy a hammer, and use it to hammer just as many nails as you like until it breaks. Now we have to rent a goddamned hammer apparently. Even that wouldn't be so bad if I could still keep my passwords out of their cloud provider.<p>They've fucked up, they don't think they have.<p>So what are the options for someone who just wants a simple place to store a bunch of passwords encrypted in a secure way. With decent clients for ios/mac/windows/linux that lets me be the only person who has their hads on those encrypted bits?
I am a subscriber, an I was a standalone customer before. I've tried to self-host bitwarden-rs, but found the UX and browser extensions being subpar - and I want my wife and parents to use a password manager, too.<p>It runs well. However, I do not thrust their cloud (or any cloud) completely. I still have a local vault, which is synced locally on WiFi with passwords to my router, NAS, bank cards and accounts, mail accounts. The idea is that should there be a breach at 1password.com the critical accounts do not leak and the damage is limited.<p>Edit: Local vaults are not available anymore: <a href="https://1password.community/discussion/121638/what-is-the-future-of-local-standalone-vaults" rel="nofollow">https://1password.community/discussion/121638/what-is-the-fu...</a><p>I have to look for another solution, then. The all-in-cloud bullshit is not acceptable.
This is terrible news. I am thinking the push to subscription related to their recent fundraising round.<p>I am happy paying upgrade price for each new version of 1Password but I hate the idea of a subscription.<p>Dropbox syncing works well for me.<p>1Password has done almost everything they can to stop people from using the standalone version. I am disappointed and angry.
Maybe I'm missing something here, but I've never understood the value of any of these password services. How can it possibly be more secure to have your entire digital life hackable with a single cloud based point of failure? Surely it's safer to simply use an encrypted text file on your local PC.
Done with them. I have been holding out on 1Password 6 for years. The fact that you can’t get the safari extension without going to 7 has had me considering moving for a while. Now it is without a doubt that I will be migrating to bit warden or something similar. Another great product ruined.
For folks looking for a pay-for-it-once app with Mac, iOS, Android and Windows clients, that can sync via Dropbox or Webdav:<p><a href="https://www.passwordwallet.com/" rel="nofollow">https://www.passwordwallet.com/</a><p>I've been using this for probably a decade now. The UI is ugly as sin, but it works well. I use the Apple Keychain for almost everything, but for my critical passwords, I have copies in PasswordWallet.<p>PasswordWallet has one feature on macOS that I've not seen in any other app: auto-type, for those times you can't paste into a password field. I use it rarely, but it's nice to have when I need it.<p>(I have no idea if the Android or Windows clients are any good. I use it only on macOS and iOS.)
I subscribed because I had to. I have no time to follow the last changes of a company and its app.<p>The current app is already bloated by features I don’t use, so I hoped for another evolution of this software.<p>(i also don’t like the web platform with all those emoji and cheesy design)
I'm chillin with 1Password 4 or something. Presumably some MacOS update will break it due to their use of some hacky undocumented API (like Omnifocus2) but until that day comes I'm quite happy syncing to dropbox. I don't like the insecurity of having to pay for something that stores critical data on an ongoing basis. If it's optional, I can make that choice. I do also like a native mac experience.<p>That said, I'm sure a lot of people value their current offering for a variety of reasons, and it obviously makes good business sense. I've been burned by subscriptions in the past though, and I don't want to deal with that again if it can be avoided.
I think one of the best things the U.S. government could do would be to buy and nationalize 1password and give everyone a license. Canadians too, since it was one of your companies :-)<p>I am being intentionally outrageous but do genuinely feel that a good password manager is foundational to good digital security and I find it baffling that it does not come bundled with operating systems or in some other way offered for free. It's such a basic thing that could be done to increase collective resilience to digital attacks.<p>(And if 1password doesn't want to sell there should be funding for an open source equivalent with a default server hosted by either the government or a trusted nonprofit.)
There's nothing better for orgs right now. Every startup I know of uses it heavily internally. 1Password is here to stay, though this opens up the market a bit for a free competitor or open source project to come in and really disrupt things.
I've been buying licenses since version 3 (2013) even after they started to hide the option.<p>Sad to see 1Password use dark patterns to push people towards subscriptions then twisting that into that people don't want licenses, at least be honest about it.<p>+1 customer lost.
Oooh, I see, my passwords are far more securely secured in The Cloud then?<p>How do they plan to stay in business? "We have your passwords now! You would not want to lose them unless you agree to our new pricing policy now, would you?"
I like 1Password so much I don't mind paying for a subscription. But I have to draw the line at no local vaults because there's no other way to keep work data separate without violating company policies.
I've never tried 1Password but I've seen many here who endorse it. Does anyone have experience with both 1Password and KeepassXC? Especially with 1Password local vaults...
I'm still baffled why anyone on HN would be using anything other than <a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a><p>A dead simple (in the good sense!) CLI program that lets GPG deal with encryption and git deal with synchronization and distribution. It's perfect. And FOSS, of course.<p>You don't even have to run your own internet-facing git repo for synchronization across devices. You can just put it all on GitHub or whatever.
I've stuck with 1Password for a long time, because it will work on the occasional Windows machine I need to use. However, it doesn't integrate as well as Apple's native key manager. I've been on the fence about just giving it all to Apple, but it's, like, the one thing out of literally DOZENS of services that I use that Apple does NOT control, and it's kind of important. So I'm really conflicted about the whole thing.
They said that 97% of their users are already on subscriptions. I get that local vault users are disappointed, but there's an app for you and it's called Bitwarden.<p>I think 1Password made a smart business decision. By cutting loose the need to support local vaults, they can focus more development energy on other things that 97% of their users will appreciate. It's a numbers game.<p>That said...Electron? Ugh. I already spend half my day grumbling about the Slack app.
I'm considering to buy macbook soon and I was thinking about moving from KeePass to 1Password, as KeePass sync between Linux and iPhone was not very nice, but reading those news I'll keep using KeePass. I hate subscription software and I'll avoid it whenever possible. Also $3/month is just too much for such a simplistic service.\<p>Edit: if it's an electron app, my comment does not make sense, sorry, I'd never buy it anyway.
I highly recommend Enpass -- solid UI, single purchase, local vault, and a very handy option to sync via Dropbox (and probably through other services as well).
> And now that we’ve started to roll out the next generation of 1Password apps, it’s time to say goodbye to standalone licenses.<p>Well, that's the end of my interest then. I had some curiosity after seeing the Rust integration, but I'm not going to pay a subscription fee to sync the smallest part of my day-to-day life. The convenience really just isn't there for me in a subscription. And no local vaults? Double no, please.
The thing I genuinely don't understand, and I really hope a 1P employee can answer for me, if it's true that 97% of your customers are subscription and have online vaults, why not just leave the other 3% alone? We pay for your service, we love it, why not reward that?<p>It's not like maintaining standalone licenses and local vault storage is hard, it's already there. Just maintain it.
I recommend this every time a similar news item gets posted.
Password Safe (designed by Bruce Schneier). I use the iOS and Linux apps and keep them synced via DropBox. Been around for years (I've been using it almost as long). Still getting updates. Still works.<p><a href="https://pwsafe.org" rel="nofollow">https://pwsafe.org</a>
The only fear I have with 1password (or any password vault for that matter) is that one day they disappear or see great malfunction losing my data. The thought of having to reset my password everywhere is gut wrenching. Some accounts I don't even remember I have them yet sporadically use them. Losing all of it would be a problem.
I'm using PasswordSafe probably last 2 years and happy with it. Open source, multiple vaults support, good UI, easy click-to-copy after search query.
<a href="https://gitlab.gnome.org/World/PasswordSafe" rel="nofollow">https://gitlab.gnome.org/World/PasswordSafe</a>
> <i>Every so often one needs to go back to the drawing board and rebuild things completely in order to soar to ever greater heights.</i><p>No you don't. When you have an awesome product that people love, you just fucking leave it alone. These "rebuilds" <i>always</i> make things worse. See also: Spotify.
I gave up with 1Password around version 7 because of the push for subscriptions and switched to Secrets (Mac and iOS) - <a href="https://outercorner.com/secrets-mac/" rel="nofollow">https://outercorner.com/secrets-mac/</a>
The argument they're making in this longwinded post applies to most software today. Standalone licenses made sense when your life revolved around one PC saving data to its own hard drive. Today, if you want that, there are great free/DIY options.
Well, f** 1Password then.<p>I am currently still using them, but once my current apps are no longer supported, whenever that might happen, I will move to another solution rather than paying a subscription for the privilege of storing my data with them.
I’ll switch to Bitwarden!
Wait… Bitwarden is cloud only?
Wait… Bitwarden doesn’t allow offline editing?
Wait… Bitwarden has a self hosting docker which will end up using more RAM than an electron app?<p>Uh, I guess I’ll use KeePassXC then.
Well that's the end of me using one password.<p>Trying to buy 1password 7 with a local vault was literally the most miserable software experience I've ever had in decades, so I'm not surprised not many people were using it.
I'm seeing a lot of "I could do this myself" in this thread.<p>Okay. Then do it.<p>Make your own password manager. Make your own browser and iOS/Android keyboard extensions for it. Make your own cloud backup/sync of your encrypted passwords.<p>Do it.
Can anyone confirm for me. Is it still possible to buy a stand alone license for 1Password 7? I had heard if you download the Mac app from their website it was possible however I can’t see a way
With the Apple iCloud Keychain supporting one-time (the google Authenticator style) passwords from the next major Apple OS release, I have no reason to continue to use 1Password.
I am fine with the subscription but I need local vaults. That said, macos has been making 1Password less and less differentiated, so guess I wont be renewing my subscription.
I switched to Bitwarden a long time ago. I pay for a premium sub now, should probably upgrade to a family plan @ $3 a month just haven't got around to it yet. Worth it.
For somebody who's in the Apple ecosystem it seems to me that a password-protected Numbers file should suffice. Are there security implications that I'm missing?
Due to forcing me into the Subscription model, I migrated to Bitwarden recently and never looked back. It’s been working flawlessly for several months now.
Well—that’s it for me, I guess. Used them for years, but I’ll switch to the standard Apple password manager.<p>I believe in buying my software once. Not monthly.
I'm glad I've been using Bitwarden anyway, I guess, but to me, this is totally unacceptable for security-critical software. You absolutely need to make it possible to self-host. If you're content to only ever be available to low-information, low-effort individual consumers, fine, I guess that's a market, but you've locked yourself out of ever being able to sell to high-security organizations that can't use public cloud services.
I actually don't have a problem with this, but I do have a problem with press releases that are sprayed with emojis. It's incredibly unprofessional and gives a real amateur flavor to the whole thing, which for security software is really offputting.
Obligatory BitWarden link: <a href="https://bitwarden.com/" rel="nofollow">https://bitwarden.com/</a><p>A good open-source alternative, I've been running it for a few years after I grew tired of 1Passwords shenanigans.
i don't see any real security model here. online only is insecure by design. Hopefully for customers who stick around the user experience continues to be first class, at least, but I have my doubts about that as well. I don't know anything about this company or who makes the decisions, but as a user, in my opinion, 1password used to make every decision in a way that I would have considered correct. 1password made good decision after good decision after good decision as they grew as a company over the years. Every decision was user and security focused, and the product was consistently excellent. those days are over, apparently. from my perspective, there has been a massive shift in company/product values since the shift to the subscription service. I wish them well.