Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password migrants thread
- Thread starter MacBH928
- Start date
- Sort by reaction score
Here you go:
Codebook Help - Secret Agent
Using Secret Agent and Secret Agent Actions to access your passwords in Codebook and quickly fill out login forms.
www.zetetic.net
In fact, the command is exactly that: cmd+shift:\ .
If this forum is the measuring stick for how popular a password manager application is, then we're in a world of trouble, especially since the bulk of the people who need them don't even know what a password manager is, let alone how to use one. Plus, they are naive about it because those people tend to use the same password all over the place because they don't know how to think of anything more.
In this case, STRIP having been around since 1998, has already had the huge following for it, because of it being in the Palm Pilot world. Codebook is a complete rewrite of STRIP, and was out when the original iPhone came out, in 2007-2008. From there they've expanded to other OSes, but where you are seeing Codebook being overshadowed by the likes of 1Password, is because of marketing. That doesn't mean Codebook is bad because it isn't as known as 1Password or LastPass or KeePass, but lack of notoriety by the users does not in any way mean that the people behind Codebook don't care about Codebook. Their 23 years worth of experience speaks more volume than anything.
By contrast, LastPass and Dashlane are more known than Codebook; yet look how horribly supported they were, especially with the more recent vulnerabilities.
BL.
I shortened the Secret Agent to 2 keys.Here you go:
Codebook Help - Secret Agent
Using Secret Agent and Secret Agent Actions to access your passwords in Codebook and quickly fill out login forms.
In fact, the command is exactly that: cmd+shift:\ .
If this forum is the measuring stick for how popular a password manager application is, then we're in a world of trouble, especially since the bulk of the people who need them don't even know what a password manager is, let alone how to use one. Plus, they are naive about it because those people tend to use the same password all over the place because they don't know how to think of anything more.
In this case, STRIP having been around since 1998, has already had the huge following for it, because of it being in the Palm Pilot world. Codebook is a complete rewrite of STRIP, and was out when the original iPhone came out, in 2007-2008. From there they've expanded to other OSes, but where you are seeing Codebook being overshadowed by the likes of 1Password, is because of marketing. That doesn't mean Codebook is bad because it isn't as known as 1Password or LastPass or KeePass, but lack of notoriety by the users does not in any way mean that the people behind Codebook don't care about Codebook. Their 23 years worth of experience speaks more volume than anything.
By contrast, LastPass and Dashlane are more known than Codebook; yet look how horribly supported they were, especially with the more recent vulnerabilities.
BL.
Well... I've made my decision. And it's an interesting one.
I've decided to migrate to Enpass... and I've decided to migrate to Codebook. Why both?
Both offer what I need, so I'm not worried about requirements/features. As mentioned before, both use SQLCipher, which Zetetic created, and with it being FOSS, I'm comfortable in the encryption methods being used. And as the government uses this as well (meaning that they conform to NIST and ISO 27001 standards), they can provide DoD level encryption, which I've had to use in encrypting PCI data. Not that any of that is relevant here, but that simply because it has the ability to encrypt at that strength leaves me very comfortable in what both can do.
But why both? Simple. the problem.. is me.
Because I'm the IT guy, I'm effectively the de facto IT guy for 4 families: Mine, my mother's side of my family, my father's side of my family, and part of the in-laws. I store all of my family's vital records into that password manager: SSNs, bank account numbers, passports, birth certificates, etc. But with having hold of my extended family's data, this means that they also tend to come to me for some of the passwords to things that they forget. And while I could lump them all together into the same vault, or even create separate vaults for each part of my family, that still leaves one single point of entry: the master password.
Remember how I keep rambling on about Single Point of Failure? That master password is that single point of failure. What that means is that if that master password is lost by any means, all of that data is inaccessible. Further, should I give someone that master password for keeping should something happen to me, that means that that person would have access to everyone's data.
I prefer having that separate, so that one side of my family does not access to my other families' data. So two separate apps with two separate master passwords, and multiple vaults inside each application solves that perfectly. One master password can be given to my immediate family in case of emergency, and one master password to my mother in case of emergency there. I'm an only child, so the data for my father's side of my family will always be with me anyway.
So this way, I keep my family's data separate, plus protect one side from the other, and can keep my data in multiple vaults in applications in multiple places in case of disaster. In short, redundancy.
So both will be working for me, as both will suit my needs.
BL.
I've decided to migrate to Enpass... and I've decided to migrate to Codebook. Why both?
Both offer what I need, so I'm not worried about requirements/features. As mentioned before, both use SQLCipher, which Zetetic created, and with it being FOSS, I'm comfortable in the encryption methods being used. And as the government uses this as well (meaning that they conform to NIST and ISO 27001 standards), they can provide DoD level encryption, which I've had to use in encrypting PCI data. Not that any of that is relevant here, but that simply because it has the ability to encrypt at that strength leaves me very comfortable in what both can do.
But why both? Simple. the problem.. is me.
Because I'm the IT guy, I'm effectively the de facto IT guy for 4 families: Mine, my mother's side of my family, my father's side of my family, and part of the in-laws. I store all of my family's vital records into that password manager: SSNs, bank account numbers, passports, birth certificates, etc. But with having hold of my extended family's data, this means that they also tend to come to me for some of the passwords to things that they forget. And while I could lump them all together into the same vault, or even create separate vaults for each part of my family, that still leaves one single point of entry: the master password.
Remember how I keep rambling on about Single Point of Failure? That master password is that single point of failure. What that means is that if that master password is lost by any means, all of that data is inaccessible. Further, should I give someone that master password for keeping should something happen to me, that means that that person would have access to everyone's data.
I prefer having that separate, so that one side of my family does not access to my other families' data. So two separate apps with two separate master passwords, and multiple vaults inside each application solves that perfectly. One master password can be given to my immediate family in case of emergency, and one master password to my mother in case of emergency there. I'm an only child, so the data for my father's side of my family will always be with me anyway.
So this way, I keep my family's data separate, plus protect one side from the other, and can keep my data in multiple vaults in applications in multiple places in case of disaster. In short, redundancy.
So both will be working for me, as both will suit my needs.
BL.
One thing I've noted about Enpass...
When you use their browser plugin, the plugin searches for an installation of Enpass and will then start it if it finds it. That means that to use the plugin, Enpass must be running the entire time.
Not entirely convenient, as compared to 1Password's mini program, where I don't have to have 1Password running in its entirety to use the mini program or the browser plugin.
Going to compare that to Codebook and see what I get...
BL.
When you use their browser plugin, the plugin searches for an installation of Enpass and will then start it if it finds it. That means that to use the plugin, Enpass must be running the entire time.
Not entirely convenient, as compared to 1Password's mini program, where I don't have to have 1Password running in its entirety to use the mini program or the browser plugin.
Going to compare that to Codebook and see what I get...
BL.
I always imagined 1password got popular because its a superior app just like say why VLC or uBlockOrigin got popular. Even if CodeBook is older none the less 1Password still looks shinier and more user friendly and better GUI IMO.
Older in the game does not necessarily mean better. Yahoo is older than Bing and Google, Explorer is older than Chrome, Chrome older than Brave. BlackBerry older than iOS and Android by like a decade or more.
can it be exactly: cmd+\ ?
Part of the reasion I stayed away from Bitwarden is because it only operates in a browser plugin (can't call the mini app) and the shortcut could not use cmd+\ IIRC.
I will be waiting to hear from your experience with the two apps.
As for the master password you can store in written down somewhere just in case.
How do you sync vaults for the whole family via WiFi? this is exactly what 1Password cloud sync solves which I believe you do not want.
I think Enpass has an assistant app just like CodeBook Secret Agent and 1Password Mini. I could be wrong.
I changed the Secret Agent activation to Shift+ \ (no plus sign). Three keys is too much.
I wonder why you could not (or they did not program) allowing the designation of different vaults or installs with different passwords?
Regarding Codebook having run it for several weeks on my Mac/iOS devices, I am satisfied with it, will be installing it on my PC. I do miss the browser extension, but acknowledge that it could be a security risk,
To a degree, it can mean better. In this case, older = more experienced, and knowing the pitfalls that something newer and fresh may not know. For example: following the trend of subscription-based services while not knowing or realizing the pitfalls and security issues that come with that. But because everyone else is doing it and they want to be the most popular, 1Password is following that route, and as a result royally pissed off a fairly big number of their customers; hence, this thread.
That's the problem. I could easily write down the master password, but someone would have to not only have that single master password, but that single master password would get them access to all of the vaults in the application, regardless of whose data it is. That's the single point of failure I'm referring to.
I'm not necessarily syncing their data. They are telling me it (read: over the phone). I'm inputting it into the password manager, and saving it. I sync that between my devices, back it up, and store that backup offsite. That way I have their data for what they need as a backup in case they lose it. In effect, I'm their disaster recovery.
That is a good question. They could have had a master password to use to get to the vaults, then have the vaults have a separate password to input to get into those. That would provide that additional layer of security. Instead, there isn't that layer, so with the entry point to all vaults being that master password, I'd prefer to have that be separate to keep my families' data separate.
This is where Secret Agent comes in to help with that, doesn't it? I'm just reading up on it right now to give it a try..
BL.
"I'm not necessarily syncing their data. They are telling me it (read: over the phone). I'm inputting it into the password manager, and saving it."
This seems like a time-consuming and error-prone process. Additionally, it also comes with some risk as transmitting information over the phone isn't especially secure. I realize that you don't want to pay subscription fees, but wouldn't one of the full-featured password managers save you a lot of time? (I wouldn't know which one to recommend as I don't currently use any of them, and started browsing this thread to try to figure out what password manager to use.)
This seems like a time-consuming and error-prone process. Additionally, it also comes with some risk as transmitting information over the phone isn't especially secure. I realize that you don't want to pay subscription fees, but wouldn't one of the full-featured password managers save you a lot of time? (I wouldn't know which one to recommend as I don't currently use any of them, and started browsing this thread to try to figure out what password manager to use.)
@bradl
Can't there be like an administrative password for a group of vaults not ALL vaults?
Can't there be like an administrative password for a group of vaults not ALL vaults?
if you specify what you want I am sure we can pin point you after 36 pages of discussions we did some pretty good search on it
Anyone able to get Secret Agent working on Monterey?
MAS version of the app, unable to get secret agent working. Will need to talk to the folks at Zetetic.
MAS version of the app, unable to get secret agent working. Will need to talk to the folks at Zetetic.
Not that I'm aware of. The master password gets you into all of the vaults, but I am not sure that you can password protect a vault after the master password has been entered. I don't think any password manager developer has thought of that functionality..
Actually, the phone is more secure than them emailing it. Unless someone is wiretapping a phone line (which with everything being digital now instead of analog, is more than highly unlikely), there is no way of having any time of MiTM (Man in the Middle) attack to intercept what is being spoken.
Besides, I already had most of their credentials; it was simply a matter of getting any new ones they may have created, and then separating them on my end in the password manager. That actually the easy part: I export everything out of 1Password, import everything into both Codebook and Enpass, and then delete what is not needed in that vault. I then back those vaults up, store them offsite in case I have a disaster, and then I'm good.
They do, and there is. I've been a 1Password user since 1Password 3, which came out in 2013. 1Password 3 through 1Password 6 are all full featured, and still work to this day. And I can still use them forever, because they are standalone vaults with standalone, perpetual licenses. What forces our hand isn't just 1Password going to being subscription only and being forced to store our data on THEIR servers; the other problem forcing our hand is Apple's move away from Intel. They gave the two year warning on that last year, which is fine; When they fully drop Intel support in MacOS, none of the Intel binaries will work, including 1Password 6, which is what I am on now.
1Password 7 does have a Silicon version, but we can't upgrade to that. 1Password 7 does support standalone vaults, but you have to purchase the license for that.... except for the fact that 1Password disabled and shut down the servers that provision those licenses, so you can't buy one full stop. We're stuck with subscription or nothing at all, and that is what completely forces our hand.
BL.
Enpass
I like being able to customize the GUI to my liking at least some of the GUI. Not totally of course.
Reminds me of what 1Password use to be too. When it was good.
Say what? Customise the GUI?
I find Enpass to be the closest and the richest 1Password competitor out there.
One oddity I found for its iOS app is that to have Enpass on the Watch, you need to add items to the Watch per item! That design decision clearly reeks of too much alcohol.
i will be joining soon and looking forward to hear about your experience
No one is calling their pricing unfair. The nuked down offering and the removal of first-rate app on macOS is the bone of contention here as has been said here before and I am repeating.
Hmm...
$60/year, versus - without any special offerings - $50 in perpetuity. If I take into account when I first purchased 1Password all the way up to now and compare that to the price you mentioned, I would have paid $50 versus $540.
And you're calling that "stingy"? That statement leaves A LOT to be desired.
BL.
I never understand this logic. 1Password is a solid product that charges one price. So if you pay less than what they charge for something else you're automatically sacrificing quality or security? I paid $50 for a 1Password7 license that lasted me three years. That would have been $108 with today's subscription prices. A 50% price increase made me shop around. I found something i like better (usability and security-wise) and I ended up paying less for a subscription. Be "stingy" with your money wisely.
Its not about being stingy, its about AgieBits being greedy.
1-Subscription is like renting a house, license is like buying a house. It gives you the peace of mind.
2-AgileBits survived like 10 years on license, suddenly its no longer good enough usability wise or income wise to them
3-Encouraging subscription model will encourage others to change into subscription, then everything will be rented. Then you will recieve like $200 monthly bill for using your tv, router Wifi, phone 5G signal, PDF viewer, JPEG render, MP3 player, youtube video codec, the developer got to eat right?.... where does it end?
Any more so than most companies? They want to grow so they are changing their business model and product offering. Of course that's greed, but isn't that one big part of capitalism? They've changed their target audience; as long as they serve that audience honestly, then I'm not sure I see any more fault than what I see in capitalism, generally.
But, I also need the peace of mind gained from frequent updates; I would never use an old version of their software without security holes being fixed. And, I couldn't use it if I didn't receive upgrades that allow it to run on newer operating systems. So, no matter what their model is, I would still consider it a subscription in the sense that there would be continuing costs. The only difference I see is that the cost now is orders of magnitude more than the cost before.
They want to grow, like most companies. Nothing they have done is sudden; they've been pushing subscriptions to a hosted solution for a long time now.
Yeah, it's a problem for me too.
In any case, this is just like a divorce. 1Password just doesn't love you anymore and has moved on. It's grown and has hooked up with someone that's more attractive. It does suck being left behind. You're back on the dating scene, looking for a password manager on Tinder.
This feeling of being abandoned is exactly what I felt when Apple moved away from the professional market. Happily, Apple and I have reconciled, but only because Apple saw it in their best interest to do so. It's now up to you to produce an argument that will convince 1Password that your needs matter.