
MacBH928

macrumors G3
Original poster
May 17, 2008
8,359
3,739
Out of curiosity, when did you last pay for the upgrade, and when did you initially pay for the $60 fee?

I also paid for 1P on MacOs and iOS and was not happy moving to the sub model, and especially the major UX problems and total mess of browser extensions they had for about 9 months recently.

However, how long did you expect high security software to be continued to be supported and improved on your original license? What is a reasonable amount to pay, given this stuff has to be patched immediately if there is a new vulnerability?
You would prefer to run a secrets management tool without patches for years on an internet connected device?

In the modern day I expect about 5 years of security updates and bug fixes along with my purchase. I am OK with paying for new features, but I do not want new features.

Whatever mumbo jumbo 1Password says about new features, since my first license I have been doing the same: create login-autofill-Sync.

The only reason I see for paying to upgrade is when Apple releases a new OS, I upgrade to that, and its functionality breaks. Now I think it is fair to repurchase the new version that was adjusted to work on the new OS, because mine was not originally meant to work with future OSs.


As for "secrets management tool without patches for years on an internet connected device", I just do not see the threat issue. I use 1Password locally and I do not share it online; how is 1Password under online threat and security breach more than TextEdit or VLC or even the Netflix app on a Roku stick?! I would understand if it was a tool like a browser that I go online with, or an online storage service.

Bitwarden can do the same thing.

  • Ctrl/CMD + Shift + Y → Activate extension
  • Ctrl/CMD + Shift + L → Autofill, press again to cycle through matching logins

Yes, but 1Password's cmd+\ is fewer keys to press each time (2 buttons > 3 buttons) and it's built into my muscle memory. I tried adjusting the shortcut to "cmd+\" in Bitwarden but it did not work.

This feels like a pretty dramatic oversimplification. I think you just answered your own question: put all your stuff in a spreadsheet. Done.

Well, I did say it's a "glorified" spreadsheet. It has encryption, password access, a nicer GUI, AutoFill and a plugin. It's not that I am not willing to pay for the glorified version; I do not want to "rent" it.

mSecure. It can even do LAN only syncing. One time purchase. Is it as pretty as 1password? No. Am I glad I don't have to have a subscription to use it? Yes.

I mentioned here before, mSecure looks like it's abandoned. idk.

There's a couple of things with this, as I've been in an argument with someone else over this same issue in the other thread in the main news section.

Sometimes, being supported does not mean "is functional". I'm still on a mid-2011 MBA, running Sierra, using 1Password 6.8.9. I paid $36 for the license to 1P6 (it was on sale at the time). Sierra's last update was in September 2019. 1P6 had its last update in November 2020. I bought 1P5 when it came out, and through the upgrade process, landed on 1P6 6.8.9 which I have not had a single problem with it. The license for 1P6 and 1P5 have been in perpetuity for me. As long as I have that license, the program will continue to work. That last update for 1P6 was a security update, and since they stopped supporting 1P6 and focused on 1P7 and newer, that does not mean that 1P6 will not continue to work.

Why isn't that a problem? See below.



Seeing that 1P6 and older have effectively been dropped for support, that would then mean that the bulk of the users of 1Password are using 1P7 and newer, and will continue to do so until there are little to no users left using 1P6 and older. That actually is to the advantage of those 1P6 users, because if used properly, we would fall under the cloud (no pun intended) of Security by Obscurity. There would be so few of us using the program that no-one with any malicious intent would go after them because they wouldn't think that older versions would be used.

Case in point: I'm still on OS X 10.12.6, because 10.13.x (High Sierra) is incredibly unstable on my Mac, yet Sierra has been rock solid. There have not been any CVEs released for Sierra since 2019, as it is now falling under security by obscurity.

If kept locked down properly, everything kept local and secure locally, Sierra and 1P6 could work until this Mac dies, which it doesn't appear to be happening, as I'm now 10 years and 5 weeks into it.

My point: When it comes to a vulnerability, there is remediation, and there is mitigation. The patch is remediation, as it eliminates the vulnerability; working around the vulnerability and doing what can be done to secure the vulnerability from being exploited without being able to patch is mitigation.

We can do the latter without having to pay, which is how I'm still using Sierra, and 1P6 with all of its patches.

BL.

idk, there are people who snoop the internet for people who still didn't upgrade their software that has known vulnerabilities in the hopes some people still do and target those specifically.
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,359
3,739
Guys, why is no one considering Enpass? It looks like it's the closest thing to 1Password.

With all respect to SafeInCloud and Secret developers, password manager is too critical to trust for a 1 man job, and for that price of $5 forever license...I mean even if I paid and he messes big time, I will forgive him at that price point, I don't expect something like AWS security measures. I am wary of it.

The ironic part is this 1 guy show is asking for a forever license of $5 , meanwhile Agilebits is asking for $3/M because of "maintenance" costs ???

From this:


There is a suggestion that he is a Russian national, as well as the fact that he's been at this for 9 years.



From the bottom of the Secrets website, there is this blurb:



That gets you to this:


Yes, he's in Lisbon, Portugal, but has worked for Apple. So he definitely knows what he's doing. But I wouldn't be too hard on him; if it is a small company, which it definitely sounds like, he may be a 1-man shop, trying to do everything, similar to SafeInCloud.

BL.

That's some nice investigation work.

I emailed Agilebits multiple times. Told them that I might consider subscribing, but would not ever consider storing my vault on the net. They basically ignored my statement.

Everything is local for me. MacOS, IOS, iPadOS for both myself and wife.
I store passports, vaccine proof, all in 1P. Starting to look for another solution.

Yes, this is the other issue. I do not want to store my passwords online. I do not want to hear another "Ooops, we messed up". I do not want to give someone else the ability to even attempt to log into my password account. When it's on my device he can't access it over the internet. Maybe I am paranoid.
 
  • Like
Reactions: rezzo and johnb1968

johnb1968

macrumors newbie
Oct 19, 2018
22
15
Guys, why is no one considering Enpass? It looks like it's the closest thing to 1Password.
I've been singing its praises right here. I agree... It's the closest thing I could find to 1Password (minus the sleazy bait & switch nonsense with bricking your new standalone download, of course).
 

ignatius345

macrumors 604
Aug 20, 2015
7,024
11,556
Well, I did say it's a "glorified" spreadsheet. It has encryption, password access, a nicer GUI, AutoFill and a plugin. It's not that I am not willing to pay for the glorified version; I do not want to "rent" it.
I avoid software rental as much as I can as well. But I also recognize that in this particular situation 1) it's an extremely high-stakes application; 2) security threats are constantly changing; and 3) websites are constantly changing as well, necessitating updates for autofill compatibility. Add to that the immense utility of the family plan I use, which offers a mix of personal and shared vaults. 1Password is well-designed, has excellent support and sees frequent useful updates.

$60 a year for the family plan is not nothing, but I feel like I'm getting a ton in return. There are all kinds of trivial things (like weather apps, for crying out loud!) that charge as much or more than that.

In a perfect world, I think more developers would shift to a model like Agenda, which charges for a year's worth of premium features (on top of the free baseline version) but you get to keep using those features you paid for, even after the year is up. THAT is a subscription instead of a rental. Same with BusyCal, which gives you I think 2 years of free updates when you buy it. Updates past 2 years require you to renew your license. Again, fair, because you can keep using what you paid for forever if you want.

But again, I personally wonder if a password manager is something you don't want to keep using without frequent updates. I wouldn't feel as comfortable doing so, anyway.
 

macsplusmacs

macrumors 68030
Nov 23, 2014
2,763
13,274
Totally forgot about the online storage only for 1Password 8.

What a disaster for them. Part of their 300 million in venture capital went to jerky SaaS "marketing managers" who brought their one trick pony to the desktop 1Password, I see.
 
  • Haha
Reactions: ignatius345

ignatius345

macrumors 604
Aug 20, 2015
7,024
11,556
Totally forgot about the online storage only for 1Password 8. What a disaster for them.
More a disaster for the .01% of their users who give a crap either way.

I think when you spend time on these kinds of enthusiast forums you lose sight of the fact that you don't represent the vast majority of users. Most people don't know or care whether something is "in the cloud" or what, so long as it works reliably.
 

bradl

macrumors 603
Jun 16, 2008
5,937
17,430
Totally forgot about the online storage only for 1Password 8.

What a disaster for them. Part of their 300 million in venture capital went to jerky SaaS "marketing managers" who brought their one trick pony to the desktop 1Password, I see.

That is the part that is getting me. As a sysadmin and ISO, hell, ANY ISO would heavily recommend against storing any passwords, let alone sensitive data in the cloud unless the entity holding it has gone through some heavy certifications and being compliant in those certifications (ISO27001-ISO27010, PCI, etc.).

Can you be sure or can guarantee that AgileBits or any other entity you'd use to store your passwords in the cloud meets those standards and are compliant with those standards? If not, then you go back to storing things locally, which is what we are doing. No data from the standalone client traverses from that standalone client directly to the internet. It goes through a browser, or it never leaves the client. In my case, all sensitive information I have goes out through a browser over SSL. No CC numbers, no SSNs, or any other type of PII leaves the standalone client directly; it all proxies through the browser.

Most people don't think about that when it comes to cloud-based services or SaaS providers. And when they get breached (see T-Mobile, for example), your PII data is compromised. Now.. Imagine if it were your vaults that they were storing, and that gets out. No amount of additional strings to mitigate any cracking of that vault by a malicious entity is going to stop the fact that they got hold of your vault to begin with.

BL.
 
  • Like
Reactions: Wheel_D

johnb1968

macrumors newbie
Oct 19, 2018
22
15
Same with BusyCal, which gives you I think 2 years of free updates when you buy it. Updates past 2 years require you to renew your license. Again, fair, because you can keep using what you paid for forever if you want.
Also... I bought BusyCal with that understanding upfront. They didn't try a bait and switch and try to force me to their subscription model. Also... subscribing once every two years hardly feels like a subscription as it is.
 

bradl

macrumors 603
Jun 16, 2008
5,937
17,430
Apparently, for newer versions of MacOS, they are going to be native Mac apps:


Interesting is this blurb:

Ultimately we decided for a two-prong approach. We would build two Mac apps. One written in SwiftUI that targeted the latest operating systems and another using web UI that allowed us to cover older OSes.

I'm going to assume that "latest operating systems" will mean the last two, so for the sake of this let's make them Big Sur and Monterey. This would then cover any Silicon or last two year's run of Macs. Anything older than that would probably be out (don't know yet, AgileBits hasn't said). If this is the case, then this will alleviate half of the problems I have, leaving the subscription model to be the problem.

Unless I'm wrong with what hardware that can run SwiftUI-built apps, that's how I'm reading this...

BL.
 
  • Like
Reactions: rezzo

mailbuoy

macrumors regular
Jan 16, 2014
105
55
Davidsonville, MD
Apparently, for newer versions of MacOS, they are going to be native Mac apps:


Interesting is this blurb:



I'm going to assume that "latest operating systems" will mean the last two, so for the sake of this let's make them Big Sur and Monterey. This would then cover any Silicon or last two year's run of Macs. Anything older than that would probably be out (don't know yet, AgileBits hasn't said). If this is the case, then this will alleviate half of the problems I have, leaving the subscription model to be the problem.

Unless I'm wrong with what hardware that can run SwiftUI-built apps, that's how I'm reading this...

BL.
Later in the same blog:
"Ultimately we made the painful decision to stop work on the SwiftUI Mac app and focus our SwiftUI efforts on iOS, allowing the Electron app to cover all of our supported Mac operating systems."
 

macsplusmacs

macrumors 68030
Nov 23, 2014
2,763
13,274
Guess 300 million in venture capital money means never having to care about producing a best rate app experience ever again.

Noted 1password.
 
  • Like
Reactions: eltoslightfoot

Apple_Robert

Contributor
Sep 21, 2012
34,584
50,262
In the middle of several books.
Yah, getting an email saying, sorry we left the database password blank and all your passwords are not the net is something that they can sorry themselves out of.

local option or nope.
That is one of the reasons I like Strongbox. It can be synced locally, opening the vault on my iOS devices (through user settings) requires a separate passcode in addition to using Face ID. It also doesn't require an internet connection in order to use.
 

bradl

macrumors 603
Jun 16, 2008
5,937
17,430
That is one of the reasons I like Strongbox. It can be synced locally, opening the vault on my iOS devices (through user settings) requires a separate passcode in addition to using Face ID. It also doesn't require an internet connection in order to use.

That's what I like about 1P6, and was hoping I could get 1P7 for the same functionality on a Silicon Mac. I don't need a network connection (internet, intranet, or otherwise) to use 1P6. If I needed to sync between my iPhone, iPad, and Mac, I'd tether the Mac and iPad to my phone, sync that way, and then untether. But needing an internet connection, username and password to get to your vault of passwords is counter productive.

Strongbox looks like a good candidate as well, as long as they can get additional browser plugins.

BL.
 
  • Like
Reactions: eltoslightfoot

chickenpiccata

macrumors member
Aug 16, 2021
44
42
California, USA
From this:


There is a suggestion that he is a Russian national, as well as the fact that he's been at this for 9 years.

From the bottom of the Secrets website, there is this blurb:

That gets you to this:


Yes, he's in Lisbon, Portugal, but has worked for Apple. So he definitely knows what he's doing. But I wouldn't be too hard on him; if it is a small company, which it definitely sounds like, he may be a 1-man shop, trying to do everything, similar to SafeInCloud.

BL.

Thanks for your comments. I saw that the name of the developer of SafeInCloud was Russian (or in that area), but I try not to jump to conclusions based on a name. Thanks for the further information.

I read the information you pointed to about the developer of Secrets, and I also read some of his recent blog entries. He is clearly an experienced Apple developer, as you noted, and the fact that he's willing to work his way through the headaches (to put it mildly) of the Mac App Store shows he is dedicated to his app. I will keep testing it.

One of the links in this thread got me in a roundabout way to NordPass, which I think hasn't been specifically mentioned here. I had heard of their VPN previously. They also have an encryption program with cloud storage called NordLocker. So they are apparently a little bigger company than some of the others we're discussing. They're based in Panama.

NordPass mentions sync between devices, but nowhere that I can find does it describe how they do it. I would guess that they use their own NordLocker, which would make sense, but there's no indication of whether they allow any alternatives. It's also not clear how well it supports non-password items other than credit cards, which they specifically mention. They are having a big sale through the month of August.

I'm not pushing NordPass, but I thought I'd mention it for those who might find it a credible alternative.
 

chickenpiccata

macrumors member
Aug 16, 2021
44
42
California, USA
Importing my 1PW Pif file into Secrets worked rather well for me. Credit Cards show up in a 'Wallet' category, Software license show up in 'Software' and all the information I had was imported correctly.

Correction: Some of the 'Purchase Date' from 1PW Software Licenses entries are showing up as 4712-12-31 in Secrets but some show correct dates.....
Thank you. That's encouraging. I can live with a few glitches in non-critical data.
 

johnb1968

macrumors newbie
Oct 19, 2018
22
15
Importing my 1PW Pif file into Secrets worked rather well for me. Credit Cards show up in a 'Wallet' category, Software license show up in 'Software' and all the information I had was imported correctly.
I had a similar experience with Enpass. It imported all my 1Password data almost perfectly. Frankly, I was shocked, but pleasantly surprised.
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,359
3,739
I avoid software rental as much as I can as well. But I also recognize that in this particular situation 1) it's an extremely high-stakes application; 2) security threats are constantly changing; and 3) websites are constantly changing as well, necessitating updates for autofill compatibility. Add to that the immense utility of the family plan I use, which offers a mix of personal and shared vaults. 1Password is well-designed, has excellent support and sees frequent useful updates.

$60 a year for the family plan is not nothing, but I feel like I'm getting a ton in return. There are all kinds of trivial things (like weather apps, for crying out loud!) that charge as much or more than that.

In a perfect world, I think more developers would shift to a model like Agenda, which charges for a year's worth of premium features (on top of the free baseline version) but you get to keep using those features you paid for, even after the year is up. THAT is a subscription instead of a rental. Same with BusyCal, which gives you I think 2 years of free updates when you buy it. Updates past 2 years require you to renew your license. Again, fair, because you can keep using what you paid for forever if you want.

But again, I personally wonder if a password manager is something you don't want to keep using without frequent updates. I wouldn't feel as comfortable doing so, anyway.

1Password is one of the greatest pieces of software I have used in my 2+ decades of computers. It actually makes your life better and works for you instead of you working for it, but I still won't give in.

If you have, like, a family of 5 members with multiple vaults that need a Sync account and you use 1Password cloud Sync, then I think the $5/m is very worth it. I just don't understand the shared vaults concept, as most passwords are for personal accounts, other than stuff like the Wifi password and a streaming service account.

If 1Password employees actually scan the web and make sure their autofill works correctly on each website, then I might consider the rent, because that's an ongoing service to make my life better. But does it really work like that?

More a disaster for the .01% of their users who give a crap either way.

I think when you spend time on these kinds of enthusiast forums you lose sight of the fact that you don't represent the vast majority of users. Most people don't know or care whether something is "in the cloud" or what, so long as it works reliably.

Agreed most people including businesses will just pay the price but at this point I at least urge them to choose a different vendor just to not create your own monster. Just look how everyone is relying on Google and AWS to use the internet, better keep your options alive.
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,359
3,739
That is the part that is getting me. As a sysadmin and ISO, hell, ANY ISO would heavily recommend against storing any passwords, let alone sensitive data in the cloud unless the entity holding it has gone through some heavy certifications and being compliant in those certifications (ISO27001-ISO27010, PCI, etc.).

Can you be sure or can guarantee that AgileBits or any other entity you'd use to store your passwords in the cloud meets those standards and are compliant with those standards? If not, then you go back to storing things locally, which is what we are doing. No data from the standalone client traverses from that standalone client directly to the internet. It goes through a browser, or it never leaves the client. In my case, all sensitive information I have goes out through a browser over SSL. No CC numbers, no SSNs, or any other type of PII leaves the standalone client directly; it all proxies through the browser.

Most people don't think about that when it comes to cloud-based services or SaaS providers. And when they get breached (see T-Mobile, for example), your PII data is compromised. Now.. Imagine if it were your vaults that they were storing, and that gets out. No amount of additional strings to mitigate any cracking of that vault by a malicious entity is going to stop the fact that they got hold of your vault to begin with.

BL.

I think what they do is they encrypt the vault in the cloud, so even if someone gets their hands on the vault no one can crack it. Millions of people are using 1Password cloud and so far I have not heard of any issues; also, given that they are a password and encryption company, I will guess they know what they are doing... but still I am not going to wait for them to mess up, because everyone makes mistakes.

Thanks for your comments. I saw that the name of the developer of SafeInCloud was Russian (or in that area), but I try not to jump to conclusions based on a name. Thanks for the further information.

I read the information you pointed to about the developer of Secrets, and I also read some of his recent blog entries. He is clearly an experienced Apple developer, as you noted, and the fact that he's willing to work his way through the headaches (to put it mildly) of the Mac App Store shows he is dedicated to his app. I will keep testing it.

One of the links in this thread got me in a roundabout way to NordPass, which I think hasn't been specifically mentioned here. I had heard of their VPN previously. They also have an encryption program with cloud storage called NordLocker. So they are apparently a little bigger company than some of the others we're discussing. They're based in Panama.

NordPass mentions sync between devices, but nowhere that I can find does it describe how they do it. I would guess that they use their own NordLocker, which would make sense, but there's no indication of whether they allow any alternatives. It's also not clear how well it supports non-password items other than credit cards, which they specifically mention. They are having a big sale through the month of August.

I'm not pushing NordPass, but I thought I'd mention it for those who might find it a credible alternative.

I wouldn't use Nord for anything, I just do not trust them.


Bitwarden seems better

Importing 1pass is trivial in the case of Bitwarden. Free plans are super generous.

While free is nice we all should remember there is no such thing as free lunch, always always always give back money to free and open source projects if you would like to see them continuing to exist. Even if they are financially stable, the more they make the better support and app you will get and the more they care.

The idea is everyone should contribute something : $5 * 1 Million users = $5 Million !!!

meanwhile, $100K from one user = $100K

So preach the culture of contributing and donating, some people contribute code, I do not know how to code but I can contribute $5.
 

macintoshmac

Suspended
May 13, 2010
6,089
6,992
In the modern day I expect about 5 years of security updates and bug fixes along with my purchase. I am OK with paying for new features, but I do not want new features.

Whatever mumbo jumbo 1Password says about new features, since my first license I have been doing the same: create login-autofill-Sync.

The only reason I see for paying to upgrade is when Apple releases a new OS, I upgrade to that, and its functionality breaks. Now I think it is fair to repurchase the new version that was adjusted to work on the new OS, because mine was not originally meant to work with future OSs.


As for "secrets management tool without patches for years on an internet connected device", I just do not see the threat issue. I use 1Password locally and I do not share it online; how is 1Password under online threat and security breach more than TextEdit or VLC or even the Netflix app on a Roku stick?! I would understand if it was a tool like a browser that I go online with, or an online storage service.



Yes, but 1Password's cmd+\ is fewer keys to press each time (2 buttons > 3 buttons) and it's built into my muscle memory. I tried adjusting the shortcut to "cmd+\" in Bitwarden but it did not work.



Well, I did say it's a "glorified" spreadsheet. It has encryption, password access, a nicer GUI, AutoFill and a plugin. It's not that I am not willing to pay for the glorified version; I do not want to "rent" it.



I mentioned here before, mSecure looks like it's abandoned. idk.



idk, there are people who snoop the internet for people who still didn't upgrade their software that has known vulnerabilities in the hopes some people still do and target those specifically.

mSecure is not dead, it is very much alive and v6 will be out soon. I am trying to get on the beta versions of those to test them out.
 
  • Love
Reactions: eltoslightfoot

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,297
2,761
mSecure is not dead, it is very much alive and v6 will be out soon. I am trying to get on the beta versions of those to test them out.
That's fantastic news! I didn't want to believe it, but their last blog posts are from 2018, and they haven't touched twitter since 2017?
 

madrigal77

macrumors 6502a
Aug 2, 2018
656
1,406
Another vote for Enpass. Been using it for years. I was grandfathered in with a lifetime licence when they went to the subscription model. Glad to hear they are back to offering the lifetime licence again.
 
  • Like
Reactions: johnb1968