Very sad about Minimalist, spent some time transferring my PWs from P7 to that App and liked it a lot. The problem with Indie Software is that it does not survive.
 
Agreed. Disappointing news. I have an Apple only environment, so Minimalist has been a great app for me - having previously migrated from 1Password. See what other options may be, or if Apple Passwords app now does enough for me.
 
I realize now that the way I've been using 1Password on the iPhone has been Apple's AutoFill. I always select a popup at the bottom of the screen and use it to pick an entry from 1Password. I could also have selected "AutoFill" on the field. Both approaches offer the same password managers that I've set up in Settings. I wonder what the differences are between the two approaches. Does anyone know?

I don’t know the differences, but I do know that I wish 1Password offered Apple’s AutoFill on macOS. I’ve mentioned this in the past, and still feel strongly about it. I’m not a fan of (installable) extensions in the browser.

A while back, I posted to the 1Password forum asking why they don’t support it, and I got an “our way is better” response. It might be as I’m not a skilled security developer. Alternatively, I know that I can use accessibility options in place of the extension, but giving control of my machine to a software vendor is not in my list of things I want to do.

Here’s hoping 🤞
 
AutoFill would benefit me as well. Even though I often use 1Password in Firefox and Chrome, the important websites and credentials are almost always accessed using Safari. If AutoFill is indeed safer, then having it in Safari would be an advantage to me.

My intuition tells me that AutoFill would be safer. I've read that the communication channel between the in-browser extension and the separate 1Password process which has the credentials is a vulnerability. With AutoFill, Apple is in charge of that channel. Having tight control of the entire OS gives Apple a significant advantage in making that secure.

On the other hand - I have no idea what I'm talking about. It could be that 1Password would be forced into allowing its own code to run within the Safari process or some other execution context that they can't control. I have no idea what risks they might envision if that were the case.
 
Basically, it looks like in time it will be subscriptions only for password managers. Meh. There's only 1 password manager now that I know of with a one-time purchase:

https://www.phnsft.com/products/safe-for-mac/ (meant to be primitive, a lot of people say)

To me, Strongbox and keeprium will fall in time.

Also, I know about Enpass and its lifetime licence. I own one, but email activation does my head in; I really wish they'd find a better way.
 

All Good Things...

We had a good run, however it's time to say

Goodbye to Minimalist

Thank you to everyone who has supported Minimalist over the years. Your support has been greatly appreciated.

Unfortunately, the amount of time and effort required to continue developing Minimalist has officially exceeded what we have to offer.

As such, we have made the difficult decision to cease development effective immediately, and end support as of August 1st, 2026.

The final version of Minimalist (3.7) will be available in the App Store until August 1st, 2026. There is also a macOS only version available for download directly from this site.

In this final version, we've updated the built-in export options for Apple Passwords, Safari, and a new Text File format. These options include all Minimalist data, including custom fields, so you will have access to all your data once Minimalist is no longer available.

Thanks again to everyone and take care!

- The Minimalist team


God, I hate it when someone makes a promise then breaks it. Their reply to Apple_Robert was confident in ensuring continued development, and some weeks later he quit the project.

The other browsers will not implement it at all. Strongbox is waiting for this feature since a long long time....

But actually it is also good not to use Strongbox anymore. Has been sold by the developer - and now no development there...

This is one of the main reasons I do not like indie apps, especially for critical use cases. They either shut down, slow in development, or sell, quitting on the user base. As I mentioned in my posts earlier, better stay with the bigger "herd".

There is another one that looks like Minimalists called Secrets and has license option:

I was going to be moving to Strongbox, which was the perfect replacement, but now I don't know (no actual positive development with the sale thus far). There is no other proper password app to replace 1Password 7. So I guess I am just going to have to continue holding onto 1Password 7 for now.

Wouldn't this have security risks?
 
Basically, it looks like in time it will be subscriptions only for password managers. Meh. There's only 1 password manager now that I know of with a one-time purchase:

https://www.phnsft.com/products/safe-for-mac/ (meant to be primitive, a lot of people say)

To me, Strongbox and keeprium will fall in time.

Also, I know about Enpass and its lifetime licence. I own one, but email activation does my head in; I really wish they'd find a better way.

-Codebook is free if you store locally I believe
-Bitwarden free
-ProtonPass is free but i think there is upper limit on credit card items
-KeePassXC

I do not know if you trust them but the following options have license option:

-StickPassword
-SafeInCloud

I think you meant KeePassium; the developer was on this thread saying the app was profitable and growing.

Due to security patches, I am not sure if license model is sustainable at least with smaller user base/indie apps
 
I used Secrets but wasn't keen on having the app always open in the Dock. It's another single dev app, however it is actively being updated and patched.

I still have 1Password 7, but isn't it vulnerable to the recently discussed clickjacking vulnerability?
 
@DCIFRTHS I am guessing they are referring to https://blog.1password.com/clickjacking-what-it-means-for-1password-users/

@MacBH928
But I don't see this as an issue, for me at least. I have bigger fish to fry when it comes to security. Using 1Password 8 in the cloud would open me up way more than any clickjacking and, according to the 1Password post, doesn't even actually "fix" the issue since it is more a browser one.

If I was very concerned at this moment, then Strongbox it would have to be. I don't know if they even have a solution for this either. But after reading about it, I'm not overly concerned. This is something that has been around for a while.

This and I think many other vulnerabilities no one is talking about... I wouldn't use 1PW7 anymore.
Many other? Please share about the others. Thanks.
 
Thanks for the link and responding! Although, I am aware of the clickjacking issue, and the cloud storage too. I was asking the same thing, in my post, as you are in the last line of your response to @MacBH928

I have the same question, for @bsmr, as you do.
 
I don't know about many others, but I think overall using 1PW7 poses certain risks given that vulnerabilities do exist

With ChatGPT's help, I did some deeper digging. Here's a list of CVEs that exist in 1PW7 that seemingly were addressed in 1PW8. I say seemingly because we can't fully trust ChatGPT.

  • CVE-2022-29868 — Process validation bypass (macOS / 1Password for Mac 7.x)
  • CVE-2022-32550 — Apps & integrations connection / server impersonation issue
  • CVE-2020-18173 — DLL injection in 1password.dll (Windows desktop)
  • CVE-2021-41795 — Safari app extension authorization bypass (1Password for Mac 7.x)
  • CVE-2020-10256 — Insecure RNG in beta Command-Line Tool & SCIM Bridge (not desktop 7)
  • CVE-2024-42219 & CVE-2024-42218 — Local macOS IPC / downgrade / exfiltration issues (discovered 2024)
  • Settings file integrity / settings.json protections (August 2024 update — not a single CVE) - The newer “additional integrity protections” were shipped in 1Password 8 releases (8.10.38 etc.).
 
Was @bsmr referring to 1Password 7? If so, then I misinterpreted what he/she meant. I thought the comment was referring to 1Password 8.

Edit: spelling
 
I thought he was referring to version 7 but I do have a history of misunderstanding people, so this could be on me
 
I was thinking more about the 1pw 7 extension for autofill, but if you just use the app then idk what security risk you might face except it might not be compatible with future macOS updates. That's what happened to me when I bought CrossOver: the moment I updated macOS it stopped working, and there were no free updates; I had to rebuy the newer version if I wanted it to work.
 
Trying another different password like manager. Heylogin. Only said like because it is not really a full fledged one. Depends.

The best part is no master pass. You can decide which device unlocks all your login and passwords.


 
I use 1Password extensively, but I've been thinking of changing to use Apple's built-in Passwords app. Any thoughts or comments? I realise it's a bit less capable, but the basic job of holding and filling passwords seems to work pretty well across all my Mac devices.
 
With the demise of Minimalist I tried Apple Passwords again, then went back to Minimalist! The main reason is that I'm not comfortable having my password manager use the same password as my Mac login.

For iOS you can use Stolen Device Protection and set it to "Always". This requires biometric login to access Apple Passwords, not just a PIN or password. Unfortunately macOS doesn't have Stolen Device Protection.
 
The main reason is that I'm not comfortable having my password manager use the same password as my Mac login.
In a way that was one reason why I chose not to use Proton's password manager. The master password is my account password.
 
You can set an additional password on top of your account for proton pass
That's a fairly new feature, when it was first rolled out, you had no choice but to use your account password.

I use a number of proton products, I have for years, but in this instance I feel that 1Password - whose sole focus is password management offers a superior product and service.
 
For our uses, Apple’s Passwords app works very well. We need something across Apple devices (iPhones, iPads, iMac) and keep 1Password only for compatibility among those devices and my wife’s work Microsoft Surface Book. She’s now retired, we use the Surface Book infrequently (almost none at all), and Passwords now meets our needs.

The extra features of 1Password that we liked, such as credit card info, secure notes, etc., are now also offered in iOS, iPadOS, and macOS in slightly less convenient ways, but they’re there. So when our current license for 1Password v7 is due for renewal, we’re out.
 