Why does 1Password always bring so much controversy in discussion forums? I’ve been a happy paying customer for 10 (!) years. I was there for the migration to a subscription model. I introduced Teams at my company eagerly when it launched. I updated to 1P8 recently without thinking about it, saw the new UI, thought “huh, neat” and moved on. Performance is fine. I barely noticed the change.
I am a professional, and don’t mind paying their very reasonable subscription so they can continue to actively maintain the security and functionality of the software that literally protects my entire digital identity. I’m baffled by how many people in our industry are upset by their business model. If you’re making six figures writing software and think $3/month for a cornerstone of your security suite is offensive, you need to grow the fuck up, frankly.
Likewise, I don’t care how they moderate their forums.
The comments in these threads always feel so self entitled. Use another piece of software if those things are important to you. Plenty of us understand and appreciate the value these guys are creating for us. For me, nothing compares. I’ve tried Keepass, Bitwarden, Apple’s built-in thing, Enpass; they are all either amateurish or missing key functionality that 1Password has that I use every day. All the same, I’m happy they exist. Some day I may need them. I hope more pop up.
Anyways, if you’re a dev or employee at 1P I’m writing this for you. Sorry about the jerks. Plenty of us out here love what you are doing.
As someone who has been using 1Password from almost the very beginning, I think the issue with the forum stuff is trust. If you're trusting a company to store your passwords and credentials in the cloud, then there's a certain level of transparency and openness that's required. I also have not had any issues with the subscription model, despite using standalone vaults for as long as possible, and the performance is fine for me on v8 (but I also have the newest Macbook with max RAM so that might not be the case for people on older/less-capable machines).
I, personally, am not happy about the way that this or the subscription update have been handled because, to me, it makes me question how they would communicate something far more serious. If they're delisting forum posts because of a decision to not update their app in the Mac App Store yet, how can I be sure that they won't delist forum posts when they have a data breach? How can I be sure that they're not obfuscating other things that are more important than forum posts to try and sweep bigger issues under the rug? It's like the old adage goes - "If you're willing to lie about something that doesn't matter, what are you willing to do about something that does?"
These moves are forcing me to, at the very least, start looking at a new password manager. 1Password is still the best, in my opinion, in terms of features and usability but that won't always be the case and transparency and respect for your users are far more important to me than niche features. If I can't trust your company over something small, there's no way I'm going to continue trusting them with some of the most important info in my life. I currently use both LastPass (not a fan) and 1Password. I'll be re-evaluating KeePass and Bitwarden because of this.
I went through the process evaluating Bitwarden recently. It's a shame but it's many years behind 1Password and their roadmap doesn't really appear... hopeful towards catching up.
I'm waiting for someone to actually build a better 1Password, learning from the mistakes, rather than migrating to something else right now.
As a happy paying (both corporate and personal) Bitwarden user, the only gripe I had was the lack of multiple-profiles on the same device (which was recently added and works great). We came from KeePass though, so we're likely a more "spartan" user of password managers than some.
Not GP. Custom items (like WiFi passwords, software licenses and many more). It’s been requested and promised with a “we’re working on it” for many years. If there’s one thing Bitwarden is, it’s very slow on developing features that users have asked for. Its focus on enterprise integration makes it seem like the actual product is not actively developed to improve it.
We have templates for both software licenses and wireless routers. :)
Custom templates have indeed been on the wish list for a long time. It has proven to be a much more difficult to deliver feature than anticipated. We actually built it, and it is in beta (available to 1Password Business memberships), but we couldn't get buy-in on the implementation. It is something I continue to advocate that we re-evaluate, but I couldn't say if or when it'll happen. -Ben, 1Password
Happy paying customer here as well. I would looooove to have email protection/relay service included to 1password. The synergy is real between those 2 services, and I would love to see it happening.
EDIT: was unaware of the 1password integration with Fastmail. This is actually possible.
I feel the same way, and I'm firmly in the camp of "roll up my sleeves" if there is work to be done, but I have heartburn about doing that for Bitwarden for a few reasons:
* their problem doesn't seem to be "we don't have developer bandwidth to add this nice feature," but rather (from my perspective) they're so lacking in discipline and execution. In other words, the PR to fix any such bugs would be so massive as it might as well be a fork
* and that's just on the bugfix side -- anyone who thinks manually created folders are superior to tags ... well, there's no PR to fix that
* them being open core(?) makes contributing feel like free labor for a commercial company. I have less heartburn contributing fixes to GitLab because they do have a for-real open source offering (the CE edition) that one can run without drama
I'm a 1Password user, and the main thing that stopped me from using Bitwarden was them not having Account Switching.
They've managed to implement it in their clients in March this year [1], and I've been moving some of my shared credentials over to a self-hosted Vaultwarden server.
What other features do you think are missing from Bitwarden?
What does 1Password have that Bitwarden is missing? I mentioned elsewhere in the thread that I just switched from 1Password to Bitwarden about a month ago, and apart from the lack of touch ID support on the desktop and the Large Type feature, which are only minor annoyances, Bitwarden has been just fine for me.
There's a lot that's missing. Someone else provided a list but there's a big chunk of things (like SSH keys) that aren't available in Bitwarden. Take this with a grain of salt, though, as my assessment is based on what I looked at last year.
That was the case in the past when I evaluated it as well but, as I mentioned in my post, trust is more important to me than features and flash. I can usually find workarounds for features and flash. I can't find workarounds for trust in a security-focused company.
I never tried 1password, but I am using Bitwarden right now. What features are important to you that Bitwarden is missing? Just wondering if I should give 1password a try as well.
This perfectly summarizes how I feel about Agilebits. I no longer really trust them. For me the big loss of trust started when they stopped encrypting stuff in memory in the 1password4 release. They've gone back to it, but it was a real violation of trust.
I don't know. Forums like this, at companies like this, are maintained by one of marketing, sales, success, or some blend of the three (revops? engagement? pick your poison).
In the best case, a low level employee made bad choices. More likely than that, a higher level leader in one of those orgs is enforcing a policy decision of theirs. I seriously doubt a C level is involved in any way with this decision.
I just don't see how this decision has any bearing on my trust in what they're building.
1. Senior staff, including Dave (the owner of AgileBits), participate in the forums and are participating in the exact discussions in question while completely ignoring the questions people are asking. It would be hard for them to claim ignorance of what's going on.
2. This also happened during the subscription phase and it happened during the sunsetting phase of standalone vaults so this isn't a first-time incident or atypical of how they respond to stuff from a PR standpoint. It seems like, as a company, their position is to ignore the things that they don't have canned responses for and only answer the things they do have canned responses for and it's obvious that this is what happens to everyone participating.
Again... product-wise, 1Password is superior in almost every way to others. As a company, though, it's hard to continue to support them when it would be far more effective to just be honest and say "We've decided not to do x at this time because of y" or "We're going this route because of y and we understand that that's not for everyone but it's much harder for us to do x when only z% of people use the feature."
> Why does 1Password always bring so much controversy in discussion forums?
It's because 1Password was targeted at tech enthusiasts at the beginning and has migrated to a mass-market product over time. The desires of the tech enthusiast group differ (on average) from the goals of a mass-market consumer product. Every time they switch away from something enthusiasts value (perpetual licenses for a specific version, optimized native apps) the early adopters get upset. The average user doesn't care all that much.
> If you’re making six figures writing software and think $3/month for a cornerstone of your security suite is offensive, you need to grow the fuck up, frankly.
For me, it's not about the cost. It's about managing one more subscription. My credit card bill is full of little monthly subscriptions, and at this point I'm tired of adding new subscriptions at every turn. Subscriptions aren't a big deal for the first 5-10 services, but once you're juggling 20+ recurring charges for things that don't really need to be recurring charges, it's tiresome.
I would gladly pay a premium to have a one-and-done license (for a specific version, just like they did in the past) that didn't add yet another monthly payment for me to manage and another system I need to update when I get a new credit card.
Also, my password manager is a critical part of my digital life. It's not ok for it to go down. What happens when payments fail for whatever reason? Shit happens. Should I regress to making up passwords on the spot and writing them down?
I'm very happy to pay $50+ every year or two for a password manager with great UX and cross device support. It is not ok if any functionality is contingent on a subscription though. I really like the Jetbrains model, where if your subscription lapses your software just keeps on working — no updates though.
It's not like 1password is gonna delete your data or block you from accessing your data if payment fails and your account is frozen. It just gets into read-only mode.
> Subscriptions aren't a big deal for the first 5-10 services, but once you're juggling 20+ recurring charges for things that don't really need to be recurring charges, it's tiresome.
The world is going in this direction, however: everything is turning into Cloud+SaaS to charge for use instead of bill once and forget. The next big thing will very likely be a service that makes it extremely easy to aggregate and manage the 465 or maybe 3044 micropayments per year one will need to use his compu... er... stupid terminal a few years from now.
I and many others will never stop critiquing software, especially commercial software, sorry. I really don't understand your reasoning. Just sounds like "shut up and go somewhere else". How about you ignore the comments you don't like and happily continue to use the software.
Trendy complaining at best. You've got people here and there talking about how electron is a full browser and that all electron apps use gigs of memory. These are no more software critiques than my fear when turbulence hits a critique of the pilot's skills.
IDK, have you seen threads about Go generics, or Uber, or JavaScript/Electron, or Windows 11, or Tesla Autopilot, or China, or the US, or systemd, or...
I think one major complaint from former users like myself — I started using it over a decade ago as well — is that we bought their software by paying upfront when it had bring-your-own syncing and no (or at one point optional) subscription. Then they intentionally broke bring-your-own syncing, and eventually killed it entirely, switching everyone into a "free" client with a forced subscription without refunding people who paid upfront for the client. That's a dick move — and sure, it's not a ton of money, but that doesn't excuse being dicks. Given that there are OSS options out there e.g. KeePass... Why stay? And for large teams, LastPass has owned the market for a while now (1Password literally cloned their business model), and didn't pull a bait-and-switch; you knew what you were getting into, and why.
They also used to be pretty bad about cross-platform support; no idea if that's still true.
> Given that there are OSS options out there e.g. KeePass... Why stay?
Speaking for myself: because 1Password works everywhere I need it and it means I don't have to think about it. OSS is great at a lot of things. KeePass's user experience is indicative of a place where OSS frequently is not. If I have to think about my password manager, it isn't doing the job I need it to do; when I trialed KeePass, it made me think about it, therefore it doesn't work. For me, of course. Your mileage may vary.
I was a 1Password user before they moved to a subscription model, and I was mildly affronted that I would be stuck on an older version if I wanted to keep out-of-band syncing. More than mildly, honestly. Then I tried a bunch of alternatives and they were all, for my purposes, significantly inferior, either in the "I do not trust them to hold onto data" sense or in the features sense or both. So I tried 1Password again, realized that yup, it's still tops, and that $3 a month is way, way too little money to be agitated over. I have realized way more value from 1Password than I have paid either for the original purchase--which I used for quite a long time--or from my subscription.
I use it because it makes my life better. Surely you can understand that.
> And for large teams, LastPass has owned the market for a while now
I don't think that I know a single security professional in my circles who would recommend LastPass unless the alternative is "don't use a password manager".
I believe that subscriptions are a terrible way to sell software and per product cloud syncing is awful, rent seeking design.
1Password used to let me buy the software and sync how I see fit. That is, it was decent and reasonable software. I was happy to use and recommend it.
That’s no longer the case and I feel like a fool for recommending it, having left those people stuck in a predatory model that I consider at best a bad deal and at worst unethical.
So yeah, I’m going to criticise.
And no, I don’t feel sorry for the staff of a company operating on a business model that should probably be illegal.
The controversy for me isn't that they moved to a subscription model, it's that they moved to a cloud only model and completely broke their offline-sync yourself vaults. It's that they maintain an almost hidden version that allows you to keep using your offline vaults, but it is incompatible with and separate from their cloud vaults (really counterintuitive if you accidentally stored some stuff in the cloud vaults). The browser extensions for their older offline vault keep breaking as they are only incentivized to move you to the subscription model one.
There are plenty of people and organizations that I prefer the Teams, family and subscription model for.
It's just a bad experience. And yes, their audience has also used Keepass, Bitwarden and others, and see 1Password as the one capable of not fucking it up but simply did anyway?
I get it that they don't see an obvious way to do subscriptions that people can't circumvent. It just also brings a lot of skepticism for what other economic pressures are going to guide their decisions, and when.
The subscription model means that the US government can shut my business down by instructing payment processors to stop taking payments from me, or heck even EMV can do that on their own bat like they do for adult services. If you think the complaints about subscription models are because of the price, it’s you that needs to grow the fuck up, personally.
Then there’s the SaaS model where my data is stored on US servers. If at any point someone on the Internet decides to break BGP, sever an optical fibre, or any number of other shenanigans, I am left with what is effectively read-only access to my vaults. I have no option for self hosting to protect against hostile action between international parties that involves me or Agile Bits as collateral damage. We run our own optical fibre networks to ensure continuity of communications in the face of hostile/negligent behaviour, but with 1Password we do not have the option to host our own security.
Then there’s data sovereignty. Agile Bits is a US company, and the US government has shown its willingness to spy and sabotage in the past. Whether it’s intercepting sensitive data in transit (echelon/airbus) or building weaknesses into encryption standards or installing malware on equipment in-transit or sabotaging chip fabs to produce less random RNG, the US has done that.
There is no trust here.
Agile Bits even put out a “survey” to gauge interest in self-hosting as a means of shutting down discourse on the topic. If there was any intention of supporting self-hosting they would just release a trial product which would be a great demonstration that their business continuity plan would work because self hosting would be the same as Agile Bits hosting. Just run the containers on your own docker instead of Agile Bits cloud.
The most “entitled” comment here is yours, talking down to everyone else as if you are the only adult in the room.
Not trying to be pedantic, but AgileBits is a Canadian company and has servers in Canada, the US, and the EU. I think they also released a gift card solution to address the concern of recurring payments, or maybe for privacy. I never really understood the use case for this (besides using it as an actual gift), but you made me think about it now. Having said all that, I think your points still stand, but for me I haven't found a company that is more trustworthy. FWIW, I use 1Password at work and KeepassXC at home.
What a weird comment. People are being negative because they don't like their actions. It's not that complicated. You aren't even making a counter argument. "Just use something else." is just dismissing criticisms. That is willful ignorance.
I don’t think it’s self entitled to expect the software you paid for to keep its original functionality. They kept using dark patterns to enforce the switch to subscriptions.
Thank you so much for this post. The hate they are getting over moving to Electron is, frankly, ridiculous. I'm a long-time customer and I'm finding 1Password 8 to be an awesome update and I don't notice that it's not purely "native" (whatever that means anymore). The reality is most users don't notice it because the app works great and electron/web views are actually really solid. The 1P team deserves credit for some of the solid UX improvements they've made as well!
Spoken like someone who did not use the "drag this window on top of the QR code on your screen" feature, nor its ability to detect native application's bundle-id and fill in passwords based on the application currently in focus
To include Windows users in this fun, previously one could invoke a hotkey and 1P would offer to auto-type into almost any Windows dialog on the screen. Poof, gone
I bet I could come up with 15 other things if I thought about it. Engineering is filled with tradeoffs, and so they made the "we don't enjoy writing cross platform code" versus "we really made our user's lives better by having native code integration capabilities"
> Spoken like someone who did not use the "drag this window on top of the QR code on your screen" feature
This feature still exists, and it is even easier to use. You no longer have to drag any windows around. The QR code just has to be on screen and you press the button. :) If you're having trouble with it please reach out as we'd like to troubleshoot.
> nor its ability to detect native application's bundle-id and fill in passwords based on the application currently in focus
1Password 7 didn't do this? It didn't fill in any 3rd party apps except browsers that had our browser extension installed. 1Password 8 actually not only detects these apps but also fills in them. https://support.1password.com/mac-universal-autofill/ If that is not working for you, please reach out.
> To include Windows users in this fun, previously one could invoke a hotkey and 1P would offer to auto-type into almost any Windows dialog on the screen. Poof, gone
Agreed. I miss that one too. I'm hopeful we're going to be able to bring it back soon.
Just because they moved to electron for the core client doesn't mean they can't add native extensions to add those features back. It's still a fully native app they are building and shipping at the end of the day (just happens to do a lot more work in the web view). I suppose losing those features is a trade-off they made in order to get the rewrite done but wouldn't be surprised if they add in those features later.
And the Windows app was in need of a serious update, the experience was not great.
We can't pretend that engineering for different platforms has no overhead. If they can now move faster shipping new features to all platforms on day one, users will win. There is going to be a transition period where things aren't at parity yet and that's understandable.
I don’t care about the subscription - if anything it’s on the cheap side for the value it gives. I too migrated several companies into teams over the years.
But, electron: no. I use a Mac primarily, and I want Mac apps that take the platform seriously, and integrate well with it. Regressing from that means you lose my business.
We have a deeper level of integration with the Mac than we've ever had. For example, 1Password 8 can now fill into many non-browser 3rd party apps, which was never possible before. https://support.1password.com/mac-universal-autofill/ -Ben, 1Password
1Password8 for Windows (which I upgraded to blindly) took away a core security feature in my view, which was "unlock on secure desktop". They say it's in-progress[0], but it's been 9 months already.
Btw, "unlock on secure desktop" basically opens a desktop where no other app/windows can spy or modify the window. This is the environment used when you have to do the UAC approvals in Windows.
> If you’re making six figures writing software and think $3/month for a cornerstone of your security suite is offensive, you need to grow the fuck up, frankly.
Since when is it desirable to pay for software on a subscription model until the end of your life? Sounds like someone else needs to grow the fuck up here.
Around the time you expected to be able to work as a software developer for most/all of your life? Sure, I'd prefer to pay $20 for something I'll get free updates for for the rest of my life, but I get why that's not a viable business model when the company needs to pay a six figure salary to devs for the upkeep.
It's not desirable as a consumer, but I'd rather just get everything for free and just the way I want it as well. It's a compromise. OP wasn't saying that they prefer it this way, just that if you're literally mad and offended by what they're charging, then you're both blowing things out of proportion and not reacting proportionally.
Been using 1pw for some time. I have a few ux gripes that came about in the last about 1-2 years mainly around their latest browser extensions being far too intrusive compared to how it used to work. I really enjoyed the old 1pw.
Other than that, feels good, I like it. I pay for it for home and work.
I still don't get the Electron hate? Seems a bit insane honestly.
Hey — we'd love to chat about your feedback on the browser extensions. There are some settings that may help. Please shoot us an email. <3 -Ben, 1Password
Some people simply don't want to put their passwords onto someone else's computer... I've had little problems with their software, but I don't want to pay a subscription for password hosting because I don't want password hosting
+1 1Password is really great, the best among the available options by far imo. Most of the negative commentary about it doesn’t matter (I personally prefer native apps to electron apps).
The complaints about it being a subscription are weak - software doesn’t exist in a closed system. Keeping up with all the platforms and the OS updates etc. takes perpetual maintenance even if they shipped zero new features.
And the features they do ship (family vaults, built in OTP) are really useful.
It’s a refreshing escape from the “free” ad-driven hellscape many of the HN commenters complaining are probably employed by.
Most of the complaints were about the subscription model - the comparison to the ad model is relevant.
What features and utility were lost? It has way more features and utility now that it had previously. The happy path is the 99% use case, but it also stores non web passwords, docs, and notes etc. just fine.
Switched away from 1password recently after 10 years. Open-source KeepassXC almost as good. No regrets.
Every Electron app seems to want around 400MB RAM minimum. It's not practical for too many of your day-to-day essential applications to be greedy with resources, it all adds up and not everyone has 32GB of RAM.
I used Matrix chat client, Element, on Android - it's an electron app, guess what? It uses 500mb-1GB of RAM. KDE NeoChat Android used 50MB. Electron is simply not a good fit for everyone.
Developers making desktop applications should be made to use anemic ~10 year old computers so they know what their application will feel like to common people. Builds can be done on a headless server with plentiful ram; the requirements of the build environment needn't factor into what computer a programmer is given to test their work.
One of the very best things I ever did while working on an Android app was to buy a dirt cheap phone.
Every performance problem was obvious. Every fix was a clear improvement. And when things were acceptable there, the app absolutely screamed on modern phones. We had startup times faster than Android's launch animation with a little bit of care. Our users loved it.
Indeed. I have a circa-2008 Core 2 Duo laptop that I pull out from time to time, and I’m always shocked at how snappy it is running a modern OS relative to much more powerful modern computers, and start to wonder why I shelved it. That is, until I start browsing the web or need to use an electron app, and then it all becomes clear.
It’s too bad that perfectly serviceable machines like that are being relegated to closets and trashcans due to sheer inefficiency of modern software.
Bear in mind that a keepass database can be read by quite a few apps these days. You and I both use KeepassXC but there is of course Keepass itself (which I also use) and a fair few mobile apps too.
KPXC looks absolutely lovely but for me it lacks one feature: fold up the tree in one click. This sounds a bit naff but:
We have a KPDBX that is used by several people concurrently - mostly Windows via a drive letter, so direct access. One or two use it via a local clone that they sync remotely back to our central copy. One of those insists on ignoring the tree structure and searching instead, causing the tree to expand somewhat, and then syncing that state back via their "save". I found a plugin for my Windows sporting colleagues that folds the tree back up on open, also KP has a right click option to recursively open or close the tree.
KPXC does not have either option and I generally prefer to find an entry by browsing to it.
Not all people work the same way: some open so many tabs on so many browsers that their machine eventually crashes, and they leave KP in a right old state. Others close tabs when their title is occluded or the tab is no longer needed (you can always reopen closed tab). Some leave RDP sessions open for ever on every box ever and some don't.
I just need browser integrations to work and for it to be open source, I was pretty surprised how well the autofill works on Android. No way am I putting my passwords on the cloud, that makes zero sense to me.
It makes you entirely dependent on their cloud and vulnerable to their bugs, yeah. It's ridiculous.
As a nice example of the downsides, due to a few clicks while removing a friend's trial account, 1P irrevocably deleted their data immediately. Which was not clear and was not desired. (Not a bug per se, just "wait what, heck no I didn't mean to do that / didn't know it would do that immediately and with no explanatory prompt")
If they hadn't worked so hard to kill off their local backups, it would've been easy to restore access. Instead nope, and they lost quite a few customers immediately.
My 1p v8 uses 120MB when opened and unlocked on windows 10, divided over 4 processes. I have 32GB of RAM, that 120MB will fit somewhere I'm sure of it.
Also I don't think the Windows app is an Electron app? I'm not sure how to see it but it feels very native to me. Do you think they have a native Windows app but an Electron mac app?
Well in that case they sure as heck did wonders in optimising the app for low RAM usage. When I compare this to the dreadful Adobe CC app (also an Electron app) this one uses way less. Also feels rather speedy in use and doesn't crash when I shut down my PC - like the Adobe CC app.
Element is only Electron on the desktop: both Android and iOS are native clients. That's also an obscene amount of RAM usage for it; I'm in a good number of rooms and I think mine idles at around 50MB and according to Android maxes out at around 250MB.
Irony being, electron element would be a huge improvement over the current disaster that is the android client (purely on a ram/performance basis, ignoring the horrific security problems which are ignored time and time again)
Electron is literally just Chrome with some window dressing, an abstraction placed upon abstractions to abstract away abstractions which abstract away abstractions that abstract the physical hardware.
Seriously, any devs that use Electron rather than programming for an operating system's natively provided APIs are lazy and/or incompetent and very disrespectful of peoples' computers and time.
> Seriously, any devs that use Electron rather than programming for an operating system's natively provided APIs are lazy and/or incompetent and very disrespectful of peoples' computers and time.
This is such an aggressively bad take. This is disrespectful of a lot of developers' time. Plenty of open source software I greatly enjoy wouldn't exist on Linux if it wasn't for Electron. Electron is not a choice I would make for myself but to say "if you use it you are incompetent" is just a bad take.
It's a rapid prototyping platform, releasing it as production is just bad. Releasing it as production is disrespectful to the users, so given the choice of disrespecting the users or the devs, I'd say the devs deserve it more for making user-hostile choices.
If my competitors want to waste time and resources hiring people to create 3-4 versions of the same app for different devices/OSes, I gladly welcome it. I'll be a well established incumbent by the time they put out their MVP.
If I can solve an important business need, my customers don't care if I use 120mb of RAM to do it. They certainly don't see it as "disrespectful" if I can save/make them money in the long run.
At 1Password we actually did not mind developing separately for every platform. It's been done for years. We build it for ourselves and don't mind putting extra work for better experience.
However, the problem is that you end up with apps that behave differently, miss features, and have different bugs across platforms. Drives people crazy. Just one example: 1Password 7 for Windows shows different search results in a different order compared to the Mac app. Obviously it could be fixed but then a different issue pops up somewhere else.
Instead of adding new features we spent time fixing (making?) various bugs in different ways.
The new 1Password 8 still has a ton of platform-specific code but the core is the same across all desktop and mobile apps. It allows us to get the new features out faster and also spend time on platform-specific code.
Electron apps can be written well, VS code is a great example. The majority of my customers use the electron versions of my apps, and 99% of them don't even know what electron is.
So in the meantime, I don't really give a crap what the average angsty passive aggressive self-entitled developer thinks about the underpinning framework that my products are written with since frankly, you're not really the target demographic. (For most software).
What a naïve and narrow opinion you're throwing onto other humans. There are as many reasons for anyone to use electron as there are not to. You may not value the use cases a developer may choose Electron over native solutions.
It's a very, very poor outlook on other people to think they're lazy and incompetent. I'm sorry you hold these values but please try and get out of that toxic mentality you're publicly showcasing here.
Except people who do electron well actually do it well and the experience is pleasant (Vs code, slack.. mostly) - but in general electron apps are pretty bad I'd agree on that front, perhaps a little on the lazy bit as a web app can pretty much just be packaged up and it'll never be a native experience plus it has all the associated ux problems web browsers do
I replied to another post earlier, hopefully it is ok to repost it here:
----
At 1Password we actually did not mind developing separately for every platform. It's been done for years. We build it for ourselves and don't mind putting extra work for better experience.
However, the problem is that you end up with apps that behave differently, miss features, and have different bugs across platforms. Drives people crazy. Just one example: 1Password 7 for Windows shows different search results in a different order compared to the Mac app. Obviously it could be fixed but then a different issue pops up somewhere else.
Instead of adding new features we spent time fixing (making?) various bugs in different ways.
The new 1Password 8 still has a ton of platform-specific code but the core is the same across all desktop and mobile apps. It allows us to get the new features out faster and also spend time on platform-specific code.
as an observation, the Electron one was the first Linux client (err, sorry, read/write Linux client -- KeePassXC could/can read 1Password's .opvault format if you needed access to them for an on-call laptop)
Yea, definitely people should have to put way more of their free time just because some people are cheap on their RAM
but there's a solution even for those: fork it :)
I hope the people complaining about electron are the ones that at least put money where their mouth is and donated to those projects if they do expect native versions
Those bits of macOS don’t need pointing out, they’re usually pretty obvious by way of small inconsistencies and taking an extra 0.3-0.5s to load compared to their surroundings.
No you are absolutely wrong. Laziness is not a factor.
Have you ever had to develop and release an application across 5 operating systems all with different UI APIs while also offering a web based UI too? Perhaps it actually makes a lot of sense to consolidate your code base so you can focus on feature development instead of OS compatibility issues and managing many versions of your software across os targets? This is why electron is appealing. In my experience most people who dislike electron apps are speaking from ignorance. They usually have some sort of irrational prejudice against web technologies.
Convenience does not excuse inefficiencies and lack of respect for other people's property.
Yes, writing and maintaining codebases for multiple environments is tedious, but it's part of the job description if you are providing good, solid software for more than one operating environment.
If you argue it's too tedious to maintain six codebases, that is the definition of laziness and you ironically helped reaffirm my argument.
Either suck it up or find a new, less demanding job. Programmers of yore managed to do it and we were all better off for it.
Have you ever run a company or worked on a software team? It's a rhetorical question, it's clear that the answer is a solid no. It's not about convenience, it's about economics and getting shit done. Customers getting a product that works is better than them not getting a product because your company blew all its money trying to hire and manage six software teams, or getting a product that only works on some platforms. What a colossally bad take.
Electron has its benefits for sure, there are some great apps out there. It really depends on the use-case and development team. If it could sandbox a system webview like on smartphones I'm sure the resource issue would be mitigated. Non native UIs these days are almost indistinguishable from native.
Let me guess. You must be a project manager, but you spent years studying to get a computer science degree, later on started a family and decided to get a job in Human Resources.
>but you spent years studying to get a computer science degree
Nope. :V
>later on started a family
Nope. :V
>decided to get a job in Human Resources.
Nope. :V
I'm just a stereotypical self-taught computer nerd of the 90s and early 2000s who saw how lean and effective software of yore was and yearn for those days.
Seriously, we have mundane access to tens and even hundreds of GB of RAM and 5GHz of CPU and what do we use it all for? To try and keep the stuff in the background happy, usually Windows or Chrome in this day and age.
The better hardware becomes, the worse software becomes to waste the hardware even harder. Fuck this noise, I want my childhood computers of badassitude back.
Nice. I was wrong. Comment read like a project manager. You should apply for jobs in Human Resources. Your emails will definitely make that 18 year old developers work 2x to deliver.
A project manager might be more sympathetic in understanding/accepting the value a single crossplatform app brings to the design and development teams. (Of course at a cost.)
Unused ram is wasted ram. Swap speeds and intelligent swap logic are fantastic these days (especially on macOS). It’s a good thing to see programs using more ram. Better caching is a feature, not a bug.
Poorly used RAM is wasted RAM. I don’t need a world class JIT compiler for an application which has a fixed set of features from the time I load it to the time I quit it. You can precompile stuff and leave the JIT compiler out of RAM. Its presence is wasteful. I don’t need a world class DOM in a password manager. The UI is stable from the time it is published, we aren’t doing responsive layouts for random data here. Just passwords in a password vault.
Swap speeds are fantastic, but that isn’t an excuse to bloat out software to use all a customer’s RAM which they might want for other things.
It holds a Chrome runtime, no? Features like the fastest JIT in the world and a universal DOM aren’t waste. Not to mention, Chrome can run on much less ram if that’s all there is. It only has a high memory footprint when the OS allocates it unused memory.
No, it doesn't hold for any desktop application unless you have very good reason to believe that application is the raison d'etre for that computer. If that application is the reason for that computer existing and being used, then maybe you can say unused ram is wasted ram. But if that isn't the case, if your application is auxiliary to the primary purpose of that computer, then "unused ram is wasted ram" is never true for your application.
Photoshop for digital artists or CAD for architects are examples where "unused ram is wasted ram" might be true. Fullscreen computer games are another. But a password manager app? The password manager app is an auxiliary program, not the reason for that computer to exist. The password app should never assume ram not used by the password app is otherwise unused.
Not true from my own observations. It takes the RAM it wants/needs regardless of memory pressure.
There is no such thing as unused RAM after a decent amount of uptime on any mainstream operating system running defaults anymore. If no application has requested it, RAM will get used as file system cache which speeds up the experience in general.
It is waste if you could do the same thing without a full chrome instance. Because then that memory could be used for something entirely else, like the silly chrome instance required by some other electron based app…
Honestly, in general I'm more surprised that people would be willing to trust a third party in the first place, with literally all the keys to their online lives. (I'm excluding those who use password managers mainly for throwaway accounts.)
I love 1P and would wholeheartedly recommend it to anyone. But... They are cagey around this fact. They are not just trying to remove criticisms of the fact that 1Password 8 is based on Electron, they are actually trying to gaslight.
Whenever you mention that 1P8 is backed by Electron (I myself am very neutral towards that fact), they will quickly correct you and tell you it's backed by Rust instead.
For whatever reason, they are choosing not to just own the truth. This is a real shame because new 1Password 8 is really good, and I recommend it.
Yep. Somebody asked on Reddit the other day what happened to the Apple Watch app with 1P 8 for iOS and the lead guy responded with:
> FYI, Support for Apple Watch was not dropped. The old Apple Watch app could not be included in 1Password for compatibility reasons. We are still exploring how we can include an Apple Watch app in 1Password 8.
So the Apple Watch app is no longer included, but support wasn't dropped?? I don't understand why they cannot just tell the truth about things. Why do they seem to be doing so many things that erode trust when their entire business is based around it?
In this scenario, the server would have already been shut down for maintenance but the company would still be debating whether to hire someone for actually doing the maintenance.
> This is a real shame because new 1Password 8 is really good, and I recommend it.
This is subjective. For me I feel everything is a bit more clunky, especially when using the standalone extensions. I have it constantly that the extension doesn’t unlock, the desktop version not showing up when I hit the global shortcut, rendering delays and and and
Been using 8 since the pre release to give it a chance but much much prefer 7. I never had this many problems with 1Password and I’m a loyal user since the very early versions
7 was a perfect product that worked flawlessly, 8 is an ok product that does its job. Can’t say I like AgileBits though, too much shady behavior: the subscription migration (hiding one time purchase licenses completely), removing standalone vaults, showing ads within the app, and now this crap
They lost their way a few years ago when they stopped supporting user synced vaults, relying on cloud services. Then, deprioritizing even iCloud/Dropbox backed synced vaults. With 1Password 8 they went full clownworld by eliminating local vaults entirely. I’m glad to have months to transition off 1Password 7 but haven’t yet found the ideal consumer replacement.
If you're using local vaults then you don't need the vast majority of features they're building. I think it makes a lot of sense to de-prioritize that type of user. Stuff like one time shares (or any sharing really), travel mode, multi account management, not to mention all the enterprise features. It's basically an entirely different product, and I don't fault them for going in a different direction when there are so many other, free products which fill that niche.
The communication could've maybe been better, but overall it's hard to say that the rug was pulled out from under you when you were not using a subscription nor obligated to receive updates. The old binaries still work fine.
If you don't need shared vaults, Secrets [0] is superb, it's a lot like the last good version of 1Password before they started removing features and forcing people into cloud storage and subscriptions.
I use bitwarden in corp/client environments but the mobile experience is inferior to 1Password.
I wish Futo would pay for a great fully open source (and reproducible build, multiple competing vendor backend, self hostable backend, etc.) project. Keepass, bitwarden, enpass are tolerable.
Something which could both integrate with hashicorp vault and with some shared sessions/no sharing of passwords thing would be cool too (via weird proxy tricks or a browser trick; basically to let a browser log into my session without the user/computer ever seeing the password, only auth delegation.)
For desktop... it's definitely kind a bit more of a frustrating experience. I can definitely elaborate but the gist is it is just more painful / slower to get to passwords. I for the first time ever, installed their Chrome extension.
For mobile... it's incredibly fast. I have never had an app scan my face and unlock. It's worth shouting out those devs.
Moved away from 1password a long time back. 1password 5 was the last good product. Then they raised a bunch of money and went the usual VC route of losing control of the company.
> Bitwarden is a superior replacement in every way
I'm going to regret sticking my nose into this, because BW is the Internet's darling, but that is demonstrably untrue unless one's password management needs are extremely simple
One can dislike AgileBits as a business all they like, but BW has a long way to go before it's a superior replacement
I am a Bitwarden premium user for my personal password management, but we use 1Password business at work.
Some things Bitwarden is missing:
- Integration with biometric auth on Linux
- SSH key types & SSH agent integration
- API token types
- Equivalent to `op run --` in their CLI client
- Shared vault / folder management in Bitwarden is clunky, especially with CLI
I'm sure there's more, but this comes off the top of my head. It has a lot going for it, but small things (especially with the CLI tool) make it hard to say it's superior in every facet.
I love Bitwarden, but they very clearly employ fewer people and have fewer features.
I switched to BitWarden for a while when it looked like 1Password was going to be in-browser only as the future on macOS, and one of the major things for me was it making logging in to multiple Google accounts harder than 1Password - it seemed to always be presenting the wrong password as a default, whereas 1Password would just get it right. Google drives me mad with the number of times they'll ask me to reauthenticate in FF.
I'm sure that story has improved since then, but it was frustrating enough for me to switch back again.
I might argue these are niche features and best served by more complex password managers compensated to serve a smaller audience. Your average user needs somewhere safe to store a url, username, and password tuple (and perhaps safely share those to others). Business users should be using SSO, role assumption, and a vaulting solution as a last resort.
Hmmmm. Are you advocating that Bitwarden was feature-complete and should never build these things out of the product they have? Because things like SSO, role assumption, sharing, etc. are already part of their business offering.
What I'm complaining about above is the claim:
> Bitwarden is a superior replacement in every way.
which I'll add, was compared to 1Password 5. Certainly that may be true for the grandparent poster, but I've put various features that exist in 1Password 8 (as a current user) that are missing in Bitwarden.
I'm happy to disagree and say that if you want a product that only does vault storage, and neglects all business or non-user/pass combo needs - great, you can have that. But to suggest somehow that Bitwarden is that product and should remain so - well I'm afraid you're not looking at their business model. They already have SSO options (see https://bitwarden.com/products/business/), audit & compliance, etc. I am being very frank about features that are missing from Bitwarden today that actual customers are looking for.
I’m advocating for not building features if they’re not going to drive meaningful amounts of revenue. Let your competitor waste their resources doing so.
Also migration from 1Password to Bitwarden was a mess when I did it about a year ago. For example, it removed all file attachments - without even mentioning it! (which I didn't notice right away, which could have easily resulted in data loss.)
The migration of all the "fields" in an item of course can't be done exactly one-on-one, which resulted in a huge mess.
I too hate the Electron versions of 1Password though. Profit seems more important than quality to them lately.
I'm currently slowly migrating all passwords to Bitwarden/KeepassXC. Hopefully Desktop browser integration will improve.
I was purposefully steering clear of a laundry list, cause it comes up so often I'm tired of typing it, and also I'm trying to get out of the "try and convince people to switch" game. If you like BW, I'm glad for you, and that I don't have to use it. I paid for BW so that I can fairly evaluate their product every so often, and my experience is that they just have a lack of attention to detail that I don't enjoy when entrusting my passwords and day-to-day UX to them
I do hope they succeed, and I'm glad vaultwarden exists, but in my line of work execution matters and they have not yet demonstrated that they care about execution to the same degree that 1P does
I don't use either - I used Keepass and sync the key file amongst my devices. It doesn't have a lot of the features that other password managers have, but it's simple, open-source and works well enough for me.
Not a feature per se, but I've found that Bitwarden is less reliable at identifying password fields in apps and web pages than LastPass. Last time I used 1password it was still called 1passwd so I'm probably not qualified to compare against them.
That said I still like BW enough to be a subscriber.
The new 1Password 8 is a lot better than the old 1Password in my opinion.
We just switched our whole company over. I'm not sure of the basis for the key criticism, as 1Password 8 feels more responsive than 1Password 7 -- which used to take several seconds to appear on the desktop if it was locked.
1. A lot of the core functions i.e. search seem to have better performance.
2. It opens quicker, whereas 1P 7 seemed to sometimes take several seconds to open. By comparison, 1P 8 is always instant, and that's important if you're trying to login to a website via the browser plugin and your Vault is locked.
3. It looks more integrated with Windows 11, as the UX and iconography matches. Also the bigger scale on text and clickable areas makes it nicer to use on a touchpad. I also prefer how the login screen covers the whole screen now. It wasn't always easy to see which monitor popped up the prompt in 1P 7 if you have many.
Some minor criticism:
It's less "nice" to customize your Login items in 1P 8. The label editor and UX to add extra items to Logins is not as good as in 1P 7, but I can't quite put my finger on it. I think it is because the editable parts don't clearly turn into text fields when you press them.
The main reason I switched from 1password 7 is that at some point they removed the option to disable code signature checks, meaning they had to update 1Password whenever a browser vendor changed their signature. This effectively means that Firefox working with the old version is going to end at some point, they just happen to have kept the same signature for some time.
The other side of this, is that it will not work with LibreFox, which isn't signed. Frustratingly, they had the option to disable checks for years in 1Password and removed it.
KeePassXC is the way to go. Similar experience on android and desktop to 1Password (non-SaaS) local vault.
I investigated the browser extension not working with LibreWolf, broke down the logs and it was definitely code signature verification check. LibreWolf is unsigned and that is why it didn't work. It stopped working with Chrome at some point for the same reason
Agreed. The anti-Electron crusaders seem to be some of the loudest folks out there, too. 1Pass is great in my opinion, it's a shame it's being so negatively portrayed through-out this thread.
AgileBits and its forums have always been hostile places for customers who ask questions that the company is not comfortable with (like dark patterns, anti-customer policies, etc.). Nothing new here. The problem starts right at the top, and that “we know better than you at all times” culture flows down to all the customer support representatives. By whatever chance, I think older forum posts are still there for anyone to go and verify for how long these toxic reactions have been around.
I'm trying to find an alternative to LastPass given their announcement today and was thinking of moving to 1Password.
Many responses here are recommending against 1Password.
What's a good alternative, specifically for families, as I've moved members of my family to LP?
I'll specifically need some recovery mechanism for them in the event they lose access, as they're still getting used to this workflow. It's not ideal but what's needed realistically.
Personally I'm a big fan of bitwarden. It's open source so you can host it yourself if you want, the free version is very usable and the pricing for the more advanced features and the family plans is very reasonable.
Note the official open source version requires a subscription to get a license key. Most people choose to run an alternative server written in Rust called vaultwarden.
they are also doing some ... questionable ... trickery in their on-premises install <https://news.ycombinator.com/item?id=31098608>, so aside from vaultwarden being seemingly infinitely slimmer, it's also a lot easier to reason about from a security PoV
Honestly, ignore them and try 1Password. It's really, really great for families, whereas I found LP to be a fucking nightmare. I can recover family members accounts no problem. Best subscription service I've ever paid for by a long shot. The cost to try it for a month is negligible.
Second this. 1Password is excellent, and when I had a critical support issue, their team (and even CEO, believe it or not) went above and beyond.
The claim that they're censoring critical posts on their forum is fairly baseless until they've had a chance to respond — Occam's razor would suggest there's a much less nefarious reason for posts not showing up.
Finally, the Hacker News crowd has a clear bias towards shitting on Electron apps in the war against perceived crimes of not being performant on ancient systems. I'm sympathetic to that way of thinking, but it's not justified grounds for how much flak 1Pass is taking here.
I moved from 1Password to Bitwarden about a month ago and am perfectly happy. Bitwarden is missing a small number of nice "quality of life" features like Touch ID support on Macs and large type mode, but these aren't even close to dealbreakers. There is a family plan available for up to 6 people, and for recovery there is an "encrypted export" function so you can have an encrypted vault in cold storage. Would recommend.
Unless there's evidence they're lying about the scope, that alone doesn't seem like reason enough to ditch them. Not that I'm opposed to switching to keepassxc.
When LastPass started to lock in free users to desktop or mobile only, I switched to Bitwarden. Quite happy with it so far. I was able to import my passwords from LP and I believe it has free sharing for one other account, though I've only used it on my own so far.
But autofill doesn't work on non-Safari browsers on your Mac. Yet I truly love Keychain so much in my Apple ecosystem I go to the trouble of exporting my passwords every few weeks to Chrome.
I'd like to see websites make it easier on people who need to copy/paste their login information because they are using some kind of password management system that doesn't support autofill.
One simple change would be for the site to pick some character that is not legal in user names for that site and make it so that if the login form is submitted with a blank user name but the string in the password field is of the form <string1><X><string2> where <X> is that not-allowed-in-user-name character, then the site tries to do the login with <string1> as the user name and <string2> as the password.
People using copy/paste could then store their user name and password together in that format in the password manager, and only have to do one copy/paste to log in.
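The server-side handling proposed in the comment above, as an added example that is not part of the original thread or any real site's code. The separator `|`, the user-name policy, the function names and the sample account are all assumptions made for illustration.

```python
"""Added example: accepting a single pasted "<user><X><password>" string."""
import hashlib
import hmac
import re
from typing import Dict, Tuple

# Assumption: this hypothetical site forbids "|" in user names, so it is <X>.
SEPARATOR = "|"
# Assumption: hypothetical user-name policy; the separator is not in the set.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


class LoginFormatError(ValueError):
    """The submitted fields cannot be read as a login attempt."""


def combine(username: str, password: str) -> str:
    """Build the single string a user would keep in a password manager."""
    if not USERNAME_RE.fullmatch(username):
        raise LoginFormatError("user name violates site policy")
    return f"{username}{SEPARATOR}{password}"


def split_login(username_field: str, password_field: str) -> Tuple[str, str]:
    """Return (username, password) for a normal or a combined submission."""
    if username_field != "":
        # Normal login: never reinterpret the password, it may contain "|".
        if not USERNAME_RE.fullmatch(username_field):
            raise LoginFormatError("user name violates site policy")
        return username_field, password_field
    # Blank user name: split at the FIRST separator only. The separator is
    # illegal in user names but legal in passwords, so everything after the
    # first occurrence belongs to the password.
    username, sep, password = password_field.partition(SEPARATOR)
    if not sep or not password:
        raise LoginFormatError("expected <user><X><password>")
    if not USERNAME_RE.fullmatch(username):
        raise LoginFormatError("user name violates site policy")
    return username, password


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_store() -> Dict[str, Tuple[bytes, bytes]]:
    """Constructed sample account (not real data); password contains "|"."""
    salt = b"constructed-salt"
    return {"alice": (salt, _hash("pa|ss|word", salt))}


def authenticate(store, username_field: str, password_field: str) -> bool:
    """Verify a login; malformed input fails the same way as a bad password."""
    try:
        username, password = split_login(username_field, password_field)
    except LoginFormatError:
        return False
    # Unknown users still cost one hash, and the comparison is constant-time.
    salt, expected = store.get(username, (b"\x00" * 16, b""))
    return hmac.compare_digest(_hash(password, salt), expected)
```

Because the whole credential arrives in the password field, the combined string has to be kept out of request logs and error messages exactly as a password would be.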
Enpass user here since sheesh, probably 2016? It was whenever the 'LostPass' [1-2] security scandal broke and shortly after Logitech acquired LastPass, after which the usual 'corporate suck' had set in. I had used LastPass for a good seven or more years before switching to Enpass.
Enpass has given me good cross platform support, especially like that I'm not a 2nd class citizen on loonix systems. My only gripe would be that it's not open source, but I think the company does a good job of allowing you to keep and sync your data locally, without constant pushes to whore it out to 'the cloud'.
Glad I stopped using them many years ago and switched to the open-source KeePass ecosystem... Which also lets you bring your own file sync (e.g. Dropbox, OneDrive, etc) instead of paying a subscription. 1Password used to work that way too!
it may be worth asking in "the Lounge" for an explanation, which would offer them an opportunity to explain themselves and, at least until the lounge thread gets delisted, make others aware of that behavior: https://1password.community/categories/general-lounge
that said, as someone who has offered them repeated and what I feel is constructive feedback during the Mac and Android beta periods, I can attest they DGAF about what you think about their things. That sweet private equity money invites you to pound sand
1Password is getting worse and worse. It still works but it’s slow after unlocking and isn’t integrating as well. I may be up for reconsidering at some point.
I've been a personal user for 4 years or so after getting a membership through the corp I was working with at the time. It's wild how different the experience is depending on what platform you are working with.
In my personal stuff I use Firefox, in which the 1Password experience is not great. I also use it on iOS for personal use on safari, an experience I would also rank as "not great". In a job that I started working with recently, I use Chrome exclusively and it works very well on that platform. So it seems like not a whole lot of effort is being paid to having a unified experience on platforms by 1Password.
I understand it's kind of a hard problem, but the discrepancy seems rather large from my experience. Too large for what they are charging and continue to charge.
That being said, I can't say that there are preferable alternatives currently. My current company uses Lastpass and while the chrome experience is OK, it isn't a massive UX improvement over 1Password either.
I have the opposite experience... sort of. It's not getting slower but of course also not noticeably faster.
But the app has gotten better and better over the years.
--- edit fix some wording issues from starting the sentence one way and finishing it another ---
My main problem is safari on Mac - it takes its sweet time unlocking and then I often have to click around or reload the page to get it to actually “stick”.
Founder of 1Password here. I am sorry to hear about your experience getting worse.
Any chance you are not using 1Password 8 today?
The problem with 1Password 7 or earlier versions is that the surrounding environment changes and the older versions do not receive updates to keep up. This certainly makes the overall experience worse with time.
I’m pretty sure it’s 1p8 - I’ll check when back at my desk.
It’s specifically after it has locked itself, the little icon with a padlock appears in the username field, click it, touch ID, it unlocks … and the icon remains as a padlocked 1p until I either reload the page, click out and back in, or wait something like 15-20 seconds.
- Customers complain about regression in quality related to the move from native to Electron
- 1Password reply: try the latest 1P Electron
To conclude: the reason to use the new Electron version anyway, is that the old efficient native version will (soon) become even worse than the Electron version, since it's no longer being updated.
I've definitely noticed the Firefox extension (on Linux and MacOS) working more slowly and occasionally even hanging the entire browser for up to 30 seconds.
I am no electron fan but 1password’s new desktop apps have been a huge improvement from 7 for me and the new mobile apps are equally impressive. I’m not gonna let up on electron complaints for other companies because a lot of them are just taking the easy way out with it (ugh why can’t slack just be a little more simple and native) but 1pass proved to me an electron app can be decent if a company pours in the resources
1Password has been good to me. I did have a strange encounter with their customer support last year; I had asked whether it might be possible to have native support to show when a credential was set up to use Sign In with Apple, or Google sign-in, etc. Their customer service didn't even consider the suggestion, advising me instead that using single sign-on solutions was a security risk. At the time I thought the agent was just confused, but with hindsight I realised it might fit a password manager's agenda to keep people using an email, password and 2FA combo, perhaps with an eye on whatever other solutions 1Password may have in the oven.
ok great but I don't want a LOCAL vault. I used keepass for years and it was such a hassle. I used to make all these arguments to myself too, but I finally gave in. 1password has all the features I could ever want and I never have to mess with it.
Like it or not (I don’t), but the Electron apps are here to stay. It’s the direction they’ve decided on. Arguing about it does nothing to move the needle forward. It’s a done deal. I imagine that posts about it are simply unproductive. I’ve posted about it, and my posts are still there.
This past year was the first time since 2009 that I’ve actively looked at alternatives, and there are none. 1Password is in a class entirely its own.
Are there things I wish that were different? Yes. Do I wish they’d bring back features that they’ve dropped? Absolutely. But it’s still the single best product in its category. Nothing else comes remotely close. And they are years ahead of #2.
I am confusion. I upgraded (unthinkingly) and don't see what the fuss is about? In fact they've added something that I've wanted for a long time, which is universal password suggestions (for applications).
¯\_(ツ)_/¯ works on my machine?
EDIT: Ooooooh, just read the support thread and now I understand. Goddammit, I wish I knew all this before I upgraded. Seems like there's a trust issue with people trying to get an answer as to why three months in, it still can't be downloaded from the App Store. They suspect Apple isn't approving it due to some shadiness and/or security issues. I really hope not, but their responses and the way this has happened does look _well_ shady.
About 10-15 years ago they were behaving the same way.
I made a post in their forums complaining that their on disk file storage left your list of domain names in cleartext so someone with access to your files could see where you have accounts, which reduced the benefit of them encrypting the actual passwords, something they made a big deal about in their marketing.
They moved the post from the high traffic forum section about 1Password to an obscure forum section about random topics. (Their justification for leaving the domains in cleartext was that it was needed to make the browser extension work.)
I still use the product but the company is flawed. They are just less flawed than others.
As someone who has had professional involvement with them, I was thinking about this the other day. I would summarize them exactly the same way.
When it comes to security and privacy in cryptographic terms, they seldom make a misstep. They rightly uphold Kerckhoffs's principle. They do the most important technical things right and reliably. They deserve credit for that.
When it comes to all of the soft/human/marketing/product management decisions, they have some really bad calls under their belts. They deserve criticism for that.
Truly a sketchy company. I'm extremely glad I moved away from them.
I think the beginning of the end was pushing an update to the iOS app that deliberately took away previous functionality if you didn't have a subscription account.
I was a legacy user too, they finally got rid of me I guess
The update to version 8 forces a login to the app and I could not use my own storage to sync vaults, out of the blue it just happened, I wasn't a paying customer
The workaround? Create an account, export your vault (not in the older version, the export formats are limited), and off I went to Bitwarden
Putting the Electron and subscription model debates to the side, if you're unhappy with 1Password and on macOS, consider switching to Minimalist Password. Currently a fair fixed price model, solid native apps for macOS, iOS & iPadOS, and iCloud syncing. They release updates often enough, and have been super responsive via Twitter about making small tweaks. The only thing missing are Chrome/FF extensions but they're coming (have to copy/paste on desktop unless you use Safari).
What important differences are there between Apple’s iCloud Keychain password management and Minimalist Password? Is it just the (coming soon) Chrome support?
iCloud Keychain password manager is becoming more capable but still pretty limited. Aside from the extensions to support more browsers soon, Minimalist Password provides some of the sugar that 1Password has, like the ability to store different things beyond just passwords (credit cards, crypto wallet keys for hot wallets, software licenses, secure notes, etc.) It also includes the ability to add custom fields of various types to password entries, and tags for grouping. It's more of a comprehensive secrets manager.
Everything in 1Password minus the toxic optimism, standards compliant migration (1Password can't import from BitWarden, but other way round works) and one fourth of the subscription costs. BitWarden is easy to manage - I got my mother to install it on her Android device, and she can easily manage passwords. Their shift to an expensive subscription genuinely disappointed me with subpar applications. When alternatives work, why consider 1Password? Best option is to stay away from them.
It's on 1Password that they can export in a reasonable way that Bitwarden understands, but Bitwarden can't export that way?
Or to put it another way, you claim 1Password is not standards compliant. What standard should they be?
My experience is that Bitwarden has a clunky user interface, and I just don't trust them (yet) security-wise. I have no problem paying for an interface that my family can use.
1Password and Bitwarden are both really good options. If you are more in the Apple ecosystem, and prefer a great UX, then go 1Password. If you trust bitwarden, and are in other ecosystems, I think that's great too.
Throwing around phrases like "toxic optimism" and "standards compliant migration" is a bit low.
I expressed my opinion about the toxic optimism part.
As for the "migration"- they refer you to a tool (MRC converter) to convert the Bitwarden import to transfer to 1Password.
If 1Password expects me to pay for their services, they make it impossible for a non-technical user. As for the Wirecutter review, it's hard to decide on a publication that makes money from affiliate referrals.
1Password is uniformly bad; either way you look at it. If it's value for money, Bitwarden offers the best one. I am NOT affiliated to either company but speaking from a user perspective.
I will cancel my sub and shift to KeePass before installing an Electron Version of 1Password
Not only is Electron heavy, but also inherits all the security vulnerabilities of Chromium.
This is compounded further by the fact that Electron uses its own bundled version of Chromium and so needs to be separately updated, before the app is compiled by the devs.
So many app developers are not even aware of this and so will not bother updating the SDK.
HN community with all their hacker ethos and dev skills should be fully behind Bitwarden, a superior password manager with some rough edges on UI. Bitwarden is fully FOSS and heck they charge much less than 1P ($10/yr for premium). If shit like this happens, you can always leave Bitwarden and start self hosting using VaultWarden (its rust clone).
I was really into it until I hit some bug/corruption where it just stopped accepting my password to unlock it, and then I had literally 0 recourse and had to spend hours recovering it, since they wouldn't even let me just delete the account and start over.
That's strange and I have never heard of this issue before. Did you have any issue filed in GitHub with them? One way to go around it is to export and download your data. You can then import it into a new account or an account run on Vaultwarden.
It's not possible to easily export attachments, so if you have private keys up there as attachments rather than in plain text, QR code screenshots, CSVs or similar, these will not come out trivially. There are some open source Python scripts up there for exporting attachments out of 1Password and BitWarden but I could never get them working.
I can appreciate that it's painful not having an agreed upon standard for password exchange, but for sure 1pux is a zip file that 100% includes attachments <https://support.1password.com/1pux-format/#files-folder>. I have verified that personally
Their Mac app (version 8 built with electron) had a nasty bug in it where it would consume 80-100% of single core CPU and when made aware, it took them over a week to push out a patch.
Whatever they think they're doing taking a native app which rarely (if ever) had such regressions and rewriting as an electron app, they've embarked on a boondoggle.
I’m still on seven… Still works OK, and I haven’t gotten a lot of pressure from them to upgrade.
Since I’m mostly on Mac – has anyone made a transition to OSX keychain? I’ve used it a lot back in the day but I can’t really remember… But modern day iOS/os x seems to have a lot of integrations
Easy solution here - switch to an open source password manager and don't look back. They're way less likely to suddenly betray you in an update. I recommend https://keepassxc.org/
They should just lock the thread if it’s getting unproductive. Sounds like the developers aren’t interested in putting it on the Mac App Store and don’t want to discuss the reasons, so of course the thread is going to be nothing but complaints and sometimes hyperbole.
I know of course. But you still need to audit them before. And then on every npm update you do. It can be a full time job. But even then there’s no guarantee you’ll slip and miss.
I can definitely see a potential targeted attack. Since you could reverse the 1P bundle and see what packages it uses and then try to insert some malicious code.
The thread does show up in the search results, but if one were interested in seeing a thread with 6 pages worth of replies, and untold number of views, in order to know that topic is ... receiving a lot of attention ... then you'd have to come to HN :-)
electron apps are near instant no install with me and others. Exceptions exist, but taking a gb of ram to edit a 9.2k file is insanity. I think 1Password lost its way, especially on the subscription model.
From the forum comments it seems that another major complaint is the absence of 1PW from Mac App Store. I totally get that. I also found it was bizarre that the update had to be downloaded from a website.
One of the primary reasons for selecting 1Password was a native app.
But at this point there isn’t much holding me back from switching to BitWarden. I already use it for my business. I guess it’s time to switch my personal too.
It's really short on some critical features - including web access, the ability to manage and list and share across family accounts, password recipes etc.
vaultwarden is a free Rust-based implementation of Bitwarden that works with the Bitwarden client. Password Store (pass) is also a great password manager with multiple clients and frontends.
Yea but for non-techie users the cloud based storage is the majority of the value proposition. I'm going to be setting up a password manager for my mother shortly (since she's trying to get to grips with a ring binder full of passwords my dad left behind) and cloud based storage is a hard requirement for whatever software I end up choosing. Some other big features are no timeout auto-lock and the ability to assist with recovery codes remotely (in case she locks herself out of the system).
Edited to add: I would mention that I personally use KeePass and love it to death though - my SO and I have vaults we occasionally sync and it's a wonderfully simple and easy to use application for anyone with confidence in keeping the password vault secured and a backup ready.
I would think cloud storage of some kind is default in the current devices. I use dropbox as storage for the DB file and it autosyncs with other PCs and phones. Also you can get access to the file in a browser if needed. Google drive might be even better for it.
Consider an open source password vault: https://keepass.info/ . Bummer to have all your passwords in the clear on compromise because it isn't encrypted.
Companies that need to create apps for multiple platforms (macOS, Windows, Linux, web browsers) have a choice:
A) Create separate apps for each platform
B) Make one app that can run on all platforms with minimal changes
Electron is a very popular way to build a webapp and make it look like a real "native" app. It is great in concept: companies can build one app, and they only have to make minor changes between platforms.
In practice, Electron apps hog a lot of memory and can appear slow. Electron is basically a web browser rendering a web page. When you have your regular web browser running, along with a handful of Electron apps, you're really running several completely separate web browsers all at once. On top of that, Electron is built off of Chrome, and Chrome is a huge memory hog.
So, companies that create Electron apps go that route to save time and resources, hogging up users' resources. For 1Password, it's supposed to be a tiny app that mostly just lives in your OS's menubar or taskbar with a minimal UI until you need to open up the larger window. Instead, there's a whole instance of Chrome soaking up memory in the background while your app is idle.
> In practice, Electron apps hog a lot of memory and can appear slow.
This almost never has anything to do with electron and everything to do with the development of the application.
> Electron is basically a web browser rendering a web page. When you have your regular web browser running, along with a handful of Electron apps, you're really running several completely separate web browsers all at once. ... Instead, there's a whole instance of Chrome soaking up memory in the background while your app is idle.
Curious from a theoretical standpoint - isn't one of the downsides of Electron that it's standalone and not really designed to be shared between different instances of the same thing?
For instance, Slack is a famous Electron app as well as Zoom. If there were a framework where they could share common resources couldn't it be as theoretically efficient as having separate tabs in Chrome? I know we are well beyond something being possible in practice that does something like this, but it feels like it could be theoretically possible to use way less resources doing something like this.
I honestly feel that it's more the toxic Apple Indie Community than 1Password. A lot of Apple users are unhappy that 1Password has started to target (in addition to their apple users) enterprise and PC users as well.
The difference between 1Password 8 (Rust and electron based) and 1Password 7 is minimal. More to the point, they tried to use Swift UI for 1Password 8 and failed (SwiftUI is another favorite community beating bag). Apparently, the only true path that certain people would have accepted is keeping a rapidly technical debt increasing Objective C and AppKit code base.
If one looks at all the brew-haha over DDG delisting some search results, it's the same thing: no one likes having pseudo-censorship applied to what seemed like a good-faith ~~rant~~ forum thread. There didn't seem to be any obvious illegal content or ad hominem attacks that would warrant delisting the thread, and thus from the outside it looks like "sour grapes" when AgileBits had their feelings hurt
That said, it seems to be some custom(?) forum software, so there could also be a perfectly reasonable explanation that just looks shady
Yeah, I figured it was some idiomatic thing that was almost certainly incorrect, but I claim handicap cause I was born in the South :-D There are so many expressions I've heard all my life that I probably couldn't write down if my life depended upon it
Thank you for warning others not to follow in my footsteps `o/`
Doing a quick scan through the linked thread and the final screenshot that this post's title is about (re: delisting forums posts)... the thread issue isn't criticism of the new app version per se (there is some) but the fact it's not available in Apple's Mac App Store (it is in the iOS App Store).
The screenshot just shows the thread as visible from the "latest post" view, but doesn't actually show up in the Mac forum area.
Honestly, their street cred went down the drain when they switched to Electron! I can imagine them making this decision 5 years ago, but today, there are options!