1Password migrants thread

[MisterSavage]

Look, I use 1Password for passwords, secure notes with codes, software licenses, and as a 2fa generator. These are important things. For $3 a month. Am I really going to experiment with alternatives (who I know little about) for such important things, to save a few dollars? Also, am I going to spend my time on researching these alternatives? Then spend my time transferring all my passwords to another service that, for all we know, might also switch to a subscription model at some point? Not doing that. 1Password has, so far, been reliable and trusted and their price is reasonable.

If that works for you that's great and there's nothing wrong with that approach. But there's plenty of us that weren't outraged, just unhappy at the direction 1PW was taking. For something as critical as passwords I don't mind spending my time researching alternatives. When the price of what I paid is increased more than 50% I don't mind researching alternatives. The time I spent transferring was well spent because I switched to a cheaper, reliable and trusted open source alternative that works better for me functionality wise. I immediately signed up for their subscription plan because I like the product and wanted to support them but they state their free plan will be free forever. If they started acting differently I would take my data elsewhere, just like I did with 1Password.

 

[maflynn]

Look, I use 1Password for passwords, secure notes with codes, software licenses, and as a 2fa generator. These are important things. For $3 a month.

Agreed, and if you followed this thread at all, I voiced the same thing, I was a vocal proponent of 1PW. There are still things it does better then its competition but for me and my usage I found that Bitwarden to be a great fit and its free. If you're so inclined to take the subscription, its 10 dollars a year or about $.83 cents a month.

What I feel Bitwarden has going for itself, is that it's open source and peer reviewed, so that should identify any major potential issues well before it reaches the consumers.

I'm not trying to convince you that its a better application but rather I found that BW provides features/service that is important to me, on par (if not better) with 1PW. 1PW does a few things better, no question but for me, I don't like how 1PW has been treating its customers and so for 83 cents a month I moved to BW.

How they handled the move to electron and how they basically belittled and talked down to those who voiced their concerns left a really bad taste in my mouth. Also changing how to export to make it more proprietary wasn't a good look.

 

[Alwis]

Am I really going to experiment with alternatives (who I know little about) for such important things, to save a few dollars?

For me it is not about the price but about removing the abilty to store my passwords locally. I will never ever store my most important data ob soneones else server.

Beside that the way 1PW present itself nowdays makes me question if I want to trust that company with my passwords, even if the (re) added local vaults to the new version.

 

[7thson]

Well for better or worse I’m jumping ship from 1Password to Strongbox with keychain as a secondary. I’m more comfortable trusting iCloud than 1pw with my data. Suboptimal since I am a windows user but keychain is now supported in windows10 so that’ll do. I mainly use windows for work so most of my login creds don’t need to be used there anyway.
I did enjoy 1Password for the past 10 years but we just don’t see eye to eye anymore and it’s time to say good bye.

 

[aevan]

Well for better or worse I’m jumping ship from 1Password to Strongbox with keychain as a secondary. I’m more comfortable trusting iCloud than 1pw with my data. Suboptimal since I am a windows user but keychain is now supported in windows10 so that’ll do. I mainly use windows for work so most of my login creds don’t need to be used there anyway.
I did enjoy 1Password for the past 10 years but we just don’t see eye to eye anymore and it’s time to say good bye.

I’m a bit confused, I keep my 1Password vault in iCloud. Can’t you choose where you keep the data? Did they change that?

 

[toasted ICT]

No, obviously not.

 

[deeddawg]

I’m a bit confused, I keep my 1Password vault in iCloud. Can’t you choose where you keep the data? Did they change that?

My understanding is that changed in v8 and you can no longer do this, the vault must be stored on 1Password's servers.

That is one of the reasons I've moved to Enpass.

 

[7thson]

I’m a bit confused, I keep my 1Password vault in iCloud. Can’t you choose where you keep the data? Did they change that?

I was using icloud in 1pw6 but then one of the Mac updates killed the extension for that and I was presented with either live with it or update to 1pw7. There was the option to purchase a 1pw7 license that would allow me to use iCloud but Agilebits was hard selling the subscription, which does not offer an alternative cloud storage to Agilebits, and I figured I’d give it a try, despite my misgivings.
I initially had a few wrinkles that needed some patience to work out, but the subscription seemed fine once I sorted those out. What I noticed was that with every update, 1pw was getting more bloated and feature rich in ways that I didn’t care about. Now Agilebits has taken away the individual license, as I understand it, and I just wanted a simple, stable password manager that wasn‘t trying to constantly wow me with new features.
I’m not devoted to Strongbox and may give BitWarden a try, but my run with Agilebits is over. It was good, no great but its time to move on, ce la vie.

 

[bsmr]

Maybe you should give KeePassium a try. www.keepassium.com

Not as feature rich as strongbox but all the features are well designed and reflected

 

[MisterSavage]

I’m not devoted to Strongbox and may give BitWarden a try, but my run with Agilebits is over. It was good, no great but its time to move on, ce la vie.

This is so off topic but I love your profile pic. I used to have a black cat that would do that same thing. To keep it on topic, it's free to try Bitwarden for as long as you want!

 

[svenmany]

Also changing how to export to make it more proprietary wasn't a good look.

In what way is it now more proprietary? I took a look at 1Password 7. The only unencrypted export format that exported the total shebang was the 1pif format. The new 1pux seems very similar. Is there some open standard that you feel they've moved away from?

 

[MisterSavage]

In what way is it now more proprietary? I took a look at 1Password 7. The only unencrypted export format that exported the total shebang was the 1pif format. The new 1pux seems very similar. Is there some open standard that you feel they've moved away from?

They took out the ability to export to csv but it looks like they responded to feedback and put it back.

https://twitter.com/x/status/1473319565954359308

 

[svenmany]

They took out the ability to export to csv but it looks like they responded to feedback and put it back.

https://twitter.com/x/status/1473319565954359308

OK. Was the CSV in some standard format accepted by other password managers?

 

[MisterSavage]

OK. Was the CSV in some standard format accepted by other password managers?

No idea. I didn't use CSV when I exported my 1Password data to move to another solution.

 

[svenmany]

My sense of things is that 1Password didn't move to a proprietary format. Instead, they previously had two proprietary formats, 1 CSV and 1 JSON (1pif). They decided to drop the CSV one. The CSV one omitted so much data compared to the JSON one, so they probably didn't think it mattered. I guess it did matter to enough people that they put it back.

The new 1pux JSON is very close to the old 1pif JSON. They are actively working on extending the 1pux format with the stated intention of ensuring that your password data is not held captive by their program. For example, they said they are working on including file attachments. (Let's see if they deliver a complete solution.)

In an hour I could write some code that reads the JSON and produces the CSV. When developers of other password programs complain about 1Password's proprietary export format, they are just posturing and pandering.

There's plenty to complain about with regard to 1Password's current direction. But, I just don't see the issue with the export format.

 

[svenmany]

My sense of things is that 1Password didn't move to a proprietary format. Instead, they previously had two proprietary formats, 1 CSV and 1 JSON (1pif). They decided to drop the CSV one. The CSV one omitted so much data compared to the JSON one, so they probably didn't think it mattered. I guess it did matter to enough people that they put it back.

The new 1pux JSON is very close to the old 1pif JSON. They are actively working on extending the 1pux format with the stated intention of ensuring that your password data is not held captive by their program. For example, they said they are working on including file attachments. (Let's see if they deliver a complete solution.)

In an hour I could write some code that reads the JSON and produces the CSV. When developers of other password programs complain about 1Password's proprietary export format, they are just posturing and pandering.

There's plenty to complain about with regard to 1Password's current direction. But, I just don't see the issue with the export format.

I think 1Password could have saved themselves a lot of headaches if they had just named the 1pux export with the "zip" extension. Then, the file inside of the zip could have had the "json" extension. Then people wouldn't be so confused by the export.

 

[MisterSavage]

When developers of other password programs complain about 1Password's proprietary export format, they are just posturing and pandering.

I don't agree with this. Why should it be other developers' responsibility to keep up with whatever new format 1Password is coming up with? If you have faith in your product give users an easy way to leave your product and convince them to stay with good service/practices.

 

[toasted ICT]

they are just posturing and pandering.

Most companies typically think it best to use some sort of common data interchange to allow data to be independant of the specific application....hence the various photo standards JPEG, PNG, text standards like txt, csv etc

That 1P decided to modify their data export format to something that was as difficult as possible for the customer to make use of is in keeping with Agilebits new ethics model.

That you post saying you could "write some code that reads the JSON and produces the CSV" is just nonsense...even if this is true ....that you suggest the average user should need to do this in order to recover THEIR data is just ludicrous.

I think you should go back to your day job upsetting customers on the Agilebits support forum.

 

[svenmany]

Most companies typically think it best to use some sort of common data interchange to allow data to be independant of the specific application....hence the various photo standards JPEG, PNG, text standards like txt, csv etc

CSV is no more a standard than JSON. 1Password chose JSON. They previously chose JSON. JSON is a text standard. You can open the 1pux (after unzipping it) in a text editor like Notepad on Windows. Then you just search for the website you are interested in and you'll see your login credentials in plain sight.

I have a hard time seeing this from a non-programmer's perspective; sorry about that. But, the export format, and the use of it as input to another password program, is mainly the concern of the developers, those of the password program you're leaving and the password program you're moving to.

I don't think that 1Password's CSV export was ever a full export of the data stored in the program. It's good that they added it back, since it does provide a way for a user to move away from password programs completely.

That 1P decided to modify their data export format to something that was as difficult as possible for the customer to make use of...

Again, my apologies; it's hard to see things from your non-programmer perspective.

JSON is a really easy format for a programmer to make use of. Perhaps you have a friend programmer that you trust who can confirm this for you. The customer makes use of this format by counting on the developer of some password program who wants to get them as a customer. I'm not sure of another way a non-programmer customer might conveniently and safely make use of a clear text export of their passwords.

1Password would have chosen a proprietary binary format to export if they had wanted to make it difficult to use.

That you post saying you could "write some code that reads the JSON and produces the CSV" is just nonsense...

Again, find a programmer you trust to confirm this for you. One of the common packages that Java programmer's use for this is named Jackson. Here's a simple tutorial on how to convert JSON to CSV - https://www.baeldung.com/java-converting-json-to-csv. Since I've already done such conversions in the past, it would certainly take me under an hour to do this. I would not expect a user to do this, but I would expect a programmer of another password program to be as competent as I am and have no trouble with this common task.

I think you should go back to your day job upsetting customers on the Agilebits support forum.

Other than being intentionally hurtful, do you think that adds anything to the conversation? Perhaps you're asserting that I'm just trying to upset people since you are clearly upset. My apologies that my opinions caused you such distress. (regret but not remorse)

 

[svenmany]

I don't agree with this. Why should it be other developers' responsibility to keep up with whatever new format 1Password is coming up with? If you have faith in your product give users an easy way to leave your product and convince them to stay with good service/practices.

Respect. I hope we can just agree to disagree. At best, I'll just slightly clarify my opinion on that.

AgileBits claims it is trying to improve the export, making it more complete and usable as a way to populate another password program. I personally wouldn't expect them to maintain backward compatibility with the imports of their competitors. Competitors can pretty easily switch from processing the 1pif to processing the 1pux. We're going to find them all doing this in short order.

 

[svenmany]

I think it was a move to inhibit people and make it difficult for current customers to leave. What was their rationale to remove something that all password managers have other then to prevent their customers from leaving?

Is there a common CSV format that most password managers share?

 

[deeddawg]

Is there a common CSV format that most password managers share?

CSV is effectively universal...

Item1Field1,Item1Field2,Item1Field3,Item1Field4,....
Item2Field1,Item2Field2,Item2Field3,Item2Field4,....
...

Just need to tell the importing software which fields match up to what data. Often the exporting software provides a header row naming what each field is supposed to be, i.e. "Name,Username,Password,URL,etc,..." Now as to how to "escape" an actual comma inside a data field I forget what the convention is, but it's a problem that's been solved before.

 

[deeddawg]

AgileBits claims it is trying to improve the export, making it more complete and usable as a way to populate another password program. I personally wouldn't expect them to maintain backward compatibility with the imports of their competitors. Competitors can pretty easily switch from processing the 1pif to processing the 1pux. We're going to find them all doing this in short order.

My apologies if it's been mentioned, but I've not seen the info in the thread.

What in particular does 1pux offer than 1pif did not, and why eliminate the ability to export to 1pif?

Speaking for myself it was pretty simple to export from v7 to 1pif and then import it into Enpass. Haven't yet run into any data not being where it's supposed to be.

 

[svenmany]

CSV is effectively universal...

Item1Field1,Item1Field2,Item1Field3,Item1Field4,....
Item2Field1,Item2Field2,Item2Field3,Item2Field4,....
...

Just need to tell the importing software which fields match up to what data. Often the exporting software provides a header row naming what each field is supposed to be, i.e. "Name,Username,Password,URL,etc,..." Now as to how to "escape" an actual comma inside a data field I forget what the convention is, but it's a problem that's been solved before.

OK. In this case I meant a standard for which exact fields should be exported and the order they should be put in. But, I get your point.

My apologies if it's been mentioned, but I've not seen the info in the thread.

What in particular does 1pux offer than 1pif did not, and why eliminate the ability to export to 1pif?

Speaking for myself it was pretty simple to export from v7 to 1pif and then import it into Enpass. Haven't yet run into any data not being where it's supposed to be.

I'm going to find some links on 1Password forums and post here. I have run across some posts discussing their efforts with the 1pux format.

I attached 1pif and 1pux exports of the same password entry. The 1pux has more information, a few trivial name changes, and slight restructuring. Enpass will have no trouble catering for it; it's very close to the 1pif format. They just have to give it some priority to get it done.

Why did 1Password switch from 1pif to 1pux? I can only guess. They probably decided the 1pif needed some improvements and decided not to make the extra effort to support both formats. If the internals of 1Password data has changed, they might have had to reimplement the 1pif export to keep it working.

None of this helps people who counted on 1pif. AgileBits could have been more generous. But, I just don't see evidence of them being malicious, intentionally trying to make it hard for users to extract their data. I think they are just lazy.

 

[TinyMito]

I disagree with OP, I do support fellow Canadian companies on top. Their business model is required subscriptions to survive. A one-time purchase is no longer feasible when the software requires sync with an online server.

Servers cost money to run, where would the monthly expense pay by whom? Out of their pockets and each engineer's pockets? $ 60-lifetime license use for 5 years+ with ongoing support + server cost?

One engineer's salary is $100,000+ CAD in Canada, especially in the Vancouver area. That mere $60 is just a penny that the company needed to survive.

Bitwarden is your best friend that doesn't require online - but you must maintain your own NAS base and internet. That cost money too right?