1Password migrants thread

[rmadsen3]

Exactly.. they are still supported, with exception to the architecture issue that is going to come up when Rosetta 2 is dropped from MacOS. At that point, 1PW 6 will still continue to be supported for those operating systems it can run on, but will not be able to run on anything non-Intel. 1PW 7 will.

BL.

bradl, I don't mean to sound argumentative. I appreciate your many thoughtful posts in this thread! I don't get it though -- why do you speak as if 1Password is nothing more than the /Applications/1Password.app bundle? In my eyes it's the browser extension that determines whether or not '1Password' is a viable option for any given operating environment. Even though 1Password v6 works on High Sierra, for instance, it doesn't work on the latest version of Safari that works in High Sierra. This 'browser extension' aspect works in AgileBits's favor -- the company has every incentive to *not* update browser extensions for old versions of 1Password.app.

So, in summary, even though 1PW 6 'will still continue to be supported for those operating systems it can run on', the app loses much of its usefulness once the user updates Safari (true perhaps for other Web browsers, too?).

 

[bradl]

bradl, I don't mean to sound argumentative. I appreciate your many thoughtful posts in this thread! I don't get it though -- why do you speak as if 1Password is nothing more than the /Applications/1Password.app bundle? In my eyes it's the browser extension that determines whether or not '1Password' is a viable option for any given operating environment. Even though 1Password v6 works on High Sierra, for instance, it doesn't work on the latest version of Safari that works in High Sierra. This 'browser extension' aspect works in AgileBits's favor -- the company has every incentive to *not* update browser extensions for old versions of 1Password.app.

So, in summary, even though 1PW 6 'will still continue to be supported for those operating systems it can run on', the app loses much of its usefulness once the user updates Safari (true perhaps for other Web browsers, too?).

Unfortunately, I can't speak for High Sierra, because no release of High Sierra was ever stable on my mid-2011 MBA. Time Machine to the rescue, which got me back to Sierra (10.12.6), which has been rock solid on that Mac ever since it came out. Both the application and the browser extension work fine in Safari on Sierra for me, so that is as far as I have gone with it.

The browser extension also works flawlessly for me in Chrome on Sierra (I don't believe there is an extension for Firefox or Opera, but then again, I haven't checked), but I will confess that I have limited experience for it on anything newer than Sierra.

I guess a good litmus test would be to see if 1PW 6 works on an Intel-based Mac running Monterrey. I also can't remember if 1PW 6 is a 32bit binary or 64bit binary. If it is 32bit, I then also can't remember which version of MacOS drops 32bit support, so that could also be an issue. But that would be a couple of good tests to run.

BL.

 

[CarAnalogy]

Probably no one going to read this but I vote for Strongbox on Apple platforms. While Strongbox itself is Apple only, KeePass on Windows is the official version anyway and is fully compatible. There is both a subscription option and a lifetime purchase option. The developer is responsive and good.

Oh and don’t keep your passwords in a spreadsheet, use a password manager. It’s best if you manage your password database yourself if you know what you’re doing. If you really want someone else to store it for you, Bitwarden is probably the best bet.

 

[MacBH928]

bradl, I don't mean to sound argumentative. I appreciate your many thoughtful posts in this thread! I don't get it though -- why do you speak as if 1Password is nothing more than the /Applications/1Password.app bundle? In my eyes it's the browser extension that determines whether or not '1Password' is a viable option for any given operating environment. Even though 1Password v6 works on High Sierra, for instance, it doesn't work on the latest version of Safari that works in High Sierra. This 'browser extension' aspect works in AgileBits's favor -- the company has every incentive to *not* update browser extensions for old versions of 1Password.app.

So, in summary, even though 1PW 6 'will still continue to be supported for those operating systems it can run on', the app loses much of its usefulness once the user updates Safari (true perhaps for other Web browsers, too?).

Unfortunately, I can't speak for High Sierra, because no release of High Sierra was ever stable on my mid-2011 MBA. Time Machine to the rescue, which got me back to Sierra (10.12.6), which has been rock solid on that Mac ever since it came out. Both the application and the browser extension work fine in Safari on Sierra for me, so that is as far as I have gone with it.

The browser extension also works flawlessly for me in Chrome on Sierra (I don't believe there is an extension for Firefox or Opera, but then again, I haven't checked), but I will confess that I have limited experience for it on anything newer than Sierra.

I guess a good litmus test would be to see if 1PW 6 works on an Intel-based Mac running Monterrey. I also can't remember if 1PW 6 is a 32bit binary or 64bit binary. If it is 32bit, I then also can't remember which version of MacOS drops 32bit support, so that could also be an issue. But that would be a couple of good tests to run.

BL.

Talk about sleazy business behaviour, I thought as they update the app for security fixes the extension will be updated too?! My understanding the extension is more of a threat than the app itself security wise.

Probably no one going to read this but I vote for Strongbox on Apple platforms. While Strongbox itself is Apple only, KeePass on Windows is the official version anyway and is fully compatible. There is both a subscription option and a lifetime purchase option. The developer is responsive and good.

Oh and don’t keep your passwords in a spreadsheet, use a password manager. It’s best if you manage your password database yourself if you know what you’re doing. If you really want someone else to store it for you, Bitwarden is probably the best bet.

Of course we are reading. Everyone interested in the topic is and have been following for sometime. Thanks for sharing your opinion and the solution you settled on.

 

[HDFan]

Talk about sleazy business behaviour, I thought as they update the app for security fixes the extension will be updated too?!

Why should they do updates when High Sierra OS hasn't been supported for 2 years? Not financially viable for such a small number of users.

 

[it wasnt me]

A quite interesting alternative, in my opinion, is gopass which uses the pass format to store passwords in GnuPG-encrypted text files which could, in theory, be stored in a repository.

Browser and iPhone integrations are rather solid, the most notable disadvantage (and the reason why I still use KeePass/MacPass) is that the file format requires to have the name of the sites (or passwords) stored in plain text, so if anyone gains access to your password collection, it is clear where you are registered even without being able to decipher your credentials.

 

[MacBH928]

Why should they do updates when High Sierra OS hasn't been supported for 2 years? Not financially viable for such a small number of users.

Not the app itself, I meant the browser extension which should not matter on which OS it runs. Will they keep supporting the extension to work with 1PW7 app or not?

- Not giving continued support for 1PW7 (License) + Extension = OK
- Giving support for 1PW7 + Extension = OK
- Updating the 1PW7 app + not the extension = Not OK

The reason being this makes them sound like the good guys for supporting 1PW7 but what really is happening is that its not going to work with the extension making it crippled. In addition, my understanding is, the extension is a high security risk point of failure. If one continues to use the extension without being updated AgileBits will come out with the excuse "Oh, thats because you were not subscribed to our service. You have to subscribe to always be secure. Its your fault"

I rather have it straight forward:-

1)We will continue to give security fixes for 1PW7+extension for the next 5 years.

2) We completely abandoned 1PW7 and no longer responsible for its security. If you wish for continued support, subscribe to our service.

 

[bradl]

Why should they do updates when High Sierra OS hasn't been supported for 2 years? Not financially viable for such a small number of users.

Security updates to the application do not depend on security updates for the OS. If there is a security issue in 1PW 7, I would expect Agilebits to update the application to fix that problem, and make sure that it works on the operating system they say it works on.

If I remember right, 1PW 6 got a security update to 6.8.9 a good year to year and a half after Sierra was marked as obsolete by Apple.

BL.

 

[MacBH928]

Security updates to the application do not depend on security updates for the OS. If there is a security issue in 1PW 7, I would expect Agilebits to update the application to fix that problem, and make sure that it works on the operating system they say it works on.

If I remember right, 1PW 6 got a security update to 6.8.9 a good year to year and a half after Sierra was marked as obsolete by Apple.

BL.

to be fair, for licenses applications, the vendor is not responsible to give continued updates after the sale is done. Sure it is nice and gives them better reputation, but from "fair" point of view I wouldn't expect to pay for an app now and continue to have updates for the next 10 years. I would like for the developer to give a complementary 1 year of free security+features updates, preferably 5 years of security updates.

If continued security updates is required, I would have to side with the subscription model, now its more of a service than an app. Then again, are these security updates real risks or highly theoritical situations? All apps keep sending weekly security and bug fixes updates. In reality, I never heard some one got hacked because of a security hole in any 1 app.

For other apps like music players and word processors I wouldn't care for any updates (unless the app is sold bugged and malfunctioning) but given that a password manager is high security risk app its dangerous to keep using it if it has security holes.

My personal plan is if I get free security updates for the next 5 or so years I will buy the new updated app every 3-4 years so I will always have security fixes.

 

[it wasnt me]

For other apps like music players and word processors I wouldn't care for any updates

Music players need new file formats every now and then.

 

[bradl]

to be fair, for licenses applications, the vendor is not responsible to give continued updates after the sale is done.

To a degree. If they are selling a product, they would also be responsible for the support of that product. It is their product, after all.

Sure it is nice and gives them better reputation, but from "fair" point of view I wouldn't expect to pay for an app now and continue to have updates for the next 10 years. I would like for the developer to give a complementary 1 year of free security+features updates, preferably 5 years of security updates.

If continued security updates is required, I would have to side with the subscription model, now its more of a service than an app. Then again, are these security updates real risks or highly theoritical situations? All apps keep sending weekly security and bug fixes updates. In reality, I never heard some one got hacked because of a security hole in any 1 app.

For other apps like music players and word processors I wouldn't care for any updates (unless the app is sold bugged and malfunctioning) but given that a password manager is high security risk app its dangerous to keep using it if it has security holes.

My personal plan is if I get free security updates for the next 5 or so years I will buy the new updated app every 3-4 years so I will always have security fixes.

The bold is the reason why they are keeping security updates going. Additionally, because they do say that they are lifetime licenses, and have not given any type of EOL for those versions, that justifies the reasoning behind still providing security updates for those versions. Now, if they give EOL on those versions, then you're stuck with having to get a newer version for those updates.

Take the Microsoft or Red Hat Enterprise Linux take on this: They release software, you buy it, they support it. They support it until a given date (that they set arbitrarily) for it becoming obsolete in lieu of a newer version being released, in which at that point, they will only provide critical/security updates. When that given date comes to pass, it becomes EOL, and effectively abandoned. Your license to install it will still work, but you won't receive any updates on it because of it being designated EOL.

1Password hasn't done such a thing; because of that, the older versions are considered still supported for security updates. That's a good thing, considering 1Password 6 was released 6 years ago.

BL.

 

[MacBH928]

Music players need new file formats every now and then.

There is like a new music format like once in every 10 years. mp3 was around since like 98 and still in use. If you want new format support then buy the new release or subscribe I guess.

To a degree. If they are selling a product, they would also be responsible for the support of that product. It is their product, after all.

Not really. They sell the product as is. Any future updates you have to buy again or given complementary by the developer. I bought CrossOver and they give like 0 updates since the day of purchase. They have changed that now to 1 year of free updates.

They can support the product but not the version you bought, just the current one on sale unless promises made at the time of purchase. Each developer has different strategy.

The bold is the reason why they are keeping security updates going. Additionally, because they do say that they are lifetime licenses, and have not given any type of EOL for those versions, that justifies the reasoning behind still providing security updates for those versions. Now, if they give EOL on those versions, then you're stuck with having to get a newer version for those updates.

Take the Microsoft or Red Hat Enterprise Linux take on this: They release software, you buy it, they support it. They support it until a given date (that they set arbitrarily) for it becoming obsolete in lieu of a newer version being released, in which at that point, they will only provide critical/security updates. When that given date comes to pass, it becomes EOL, and effectively abandoned. Your license to install it will still work, but you won't receive any updates on it because of it being designated EOL.

1Password hasn't done such a thing; because of that, the older versions are considered still supported for security updates. That's a good thing, considering 1Password 6 was released 6 years ago.

BL.

Are you saying that because 1PW sold 1PW license lifetime they are responsible for supporting it forever because it does not have EOL? I really do not imagine AgileBits still sending security fixes in 2035 for that one guy still using Mojave somewhere in the world (There are still people going online with Snow Leopard)

EOL is a very nice concept for buying licensed software so you know until when you can get updates and not pull the plug on you.

 

[it wasnt me]

There is like a new music format like once in every 10 years.

Enjoy your 10-year-old music player with the currently hyped Opus and WebM media file formats.

Are you saying that because 1PW sold 1PW license lifetime they are responsible for supporting it forever because it does not have EOL?

Because that's exactly what you expect from a password manager: Suddenly being left alone by the developer.

 

[bradl]

Not really. They sell the product as is. Any future updates you have to buy again or given complementary by the developer. I bought CrossOver and they give like 0 updates since the day of purchase. They have changed that now to 1 year of free updates.

I recall getting a couple of updates with CrossOver when I bought it in 2012, but that was honestly the last time I grabbed any updates for it as it had the Windows application I was using working perfectly. It wasn't until that application was rewritten in .NET that screwed that up.

They can support the product but not the version you bought, just the current one on sale unless promises made at the time of purchase. Each developer has different strategy.

Again, that all depends on what was supported at the time it was bought. Yes, that can be arbitrarily set by the developer at the time of release, but they need to have that spelled out in some sort of terms of agreement prior to purchase. If it is, and the consumer buys it, then the consumer is SOL. If it isn't and the consumer buys it, then there is a case to be made against the developer.

Are you saying that because 1PW sold 1PW license lifetime they are responsible for supporting it forever because it does not have EOL? I really do not imagine AgileBits still sending security fixes in 2035 for that one guy still using Mojave somewhere in the world (There are still people going online with Snow Leopard)

EOL is a very nice concept for buying licensed software so you know until when you can get updates and not pull the plug on you.

That's why right now it is advantageous to the user who bought 1PW 6 or 1PW 7 to keep that running, at least because of those security updates. Since they haven't given those EOL nor have explained anything about the life cycle of 1PW 6 and 1PW 7, they are still giving them security updates (their words on their site). Again, they aren't supporting it, but are still giving them security updates.

When they give those versions EOL (which would effectively stop giving them security updates), then the user will be SOL.

BL.

 

[lostPod]

Probably no one going to read this but I vote for Strongbox on Apple platforms. While Strongbox itself is Apple only, KeePass on Windows is the official version anyway and is fully compatible. There is both a subscription option and a lifetime purchase option. The developer is responsive and good.

Are they made by the same people?

 

[rmadsen3]

Are they made by the same people?

No. Different developers. And that's a good thing.

Each developer (of a KeePass-compatible password manager) puts focus on a different set of features. Users have the option to use some apps for some tasks, other apps for other tasks. For instance: Strongbox looks to be good as a 'daily driver' KeePass client but it doesn't yet have support for saved searches, a feature that KeePassXC added recently.

 

[Apple_Robert]

Are they made by the same people?

Strongbox is a solid app. I got the Mac and iOS versions (one time payment) when they were on sale. I like that I have option to be prompted to backup my vault to wherever I want, amongst other features.

 

[lostPod]

Strongbox is a solid app. I got the Mac and iOS versions (one time payment) when they were on sale. I like that I have option to be prompted to backup my vault to wherever I want, amongst other features.

Strongbox your main password manager?

edit: where is the vault hosted?

 

[MacBH928]

@MisterSavage

I finally got the drop down menu autofill working in Bitwarden. Its pretty easy if you know what you are doing. You have to open the developer menu and choose inspect element . Hoover over the fields and dig deep into the code tables until you find the id of the field. Copy it and paste it as a new custom field name and choose text as input.

This is a killer feature right there. I didn't see any other password manager that has this ability.

and you are right about the autofill shortcut, I got used to the cmd+shift+L and I forgot about cmd+\

I recall getting a couple of updates with CrossOver when I bought it in 2012, but that was honestly the last time I grabbed any updates for it as it had the Windows application I was using working perfectly. It wasn't until that application was rewritten in .NET that screwed that up.



Again, that all depends on what was supported at the time it was bought. Yes, that can be arbitrarily set by the developer at the time of release, but they need to have that spelled out in some sort of terms of agreement prior to purchase. If it is, and the consumer buys it, then the consumer is SOL. If it isn't and the consumer buys it, then there is a case to be made against the developer.



That's why right now it is advantageous to the user who bought 1PW 6 or 1PW 7 to keep that running, at least because of those security updates. Since they haven't given those EOL nor have explained anything about the life cycle of 1PW 6 and 1PW 7, they are still giving them security updates (their words on their site). Again, they aren't supporting it, but are still giving them security updates.

When they give those versions EOL (which would effectively stop giving them security updates), then the user will be SOL.

BL.

I understand lifetime license as in "You can use the app forever as is" but if its as you say that it also means "you get support and no EOL" then its a very dangerous word to use from a developer point of view.

Are they made by the same people?

There is a password vault format called KDBX which can work with multiple password managers app. So you can have your passwords in that vault format and apparently have an app for mobile (ex. Strongbox) and different app for desktop (ex. KeePass) and they will work together and sync. I never tested it but you can refer to the first post to see list of some of the apps that utilize that format.

 

[MisterSavage]

I finally got the drop down menu autofill working in Bitwarden. Its pretty easy if you know what you are doing. You have to open the developer menu and choose inspect element . Hoover over the fields and dig deep into the code tables until you find the id of the field. Copy it and paste it as a new custom field name and choose text as input.

This is a killer feature right there. I didn't see any other password manager that has this ability.

Agreed. They wrote a nice blog post about doing it.

Create custom fields in a few clicks | Bitwarden Blog

New option in the browser context menu enables creating custom fields in a snap.

bitwarden.com

and you are right about the autofill shortcut, I got used to the cmd+shift+L and I forgot about cmd+\

Yes! I used 1Password for years and that shortcut was burned into my brain, but if you keep using the new one over and over eventually I stopped using the old one and always put in the BW one first.

 

[CarAnalogy]

Are they made by the same people?

No. KeePass is an open source project, and that project created the password database format. The Strongbox developer implements that format. The only compiled application from the official project is the Windows program, but the format is free to use and so the Strongbox developer made a program for Apple platforms.

There are many other applications of the project for many platforms, including ones that work on Apple platforms, but Strongbox is the best of those.

 

[Apple_Robert]

Strongbox your main password manager?

edit: where is the vault hosted?

It can be in iCloud or stored locally on your devices.

 

[bradl]

I understand lifetime license as in "You can use the app forever as is" but if its as you say that it also means "you get support and no EOL" then its a very dangerous word to use from a developer point of view.

That is exactly the point, and why its lack of it leaves AgileBits on the hook for some time, at least as far as security updates go. The kicker here is that for the scope of security updates, those updates are in and of itself, support. For example, if a user find a security bug in 1PW 6.8.9, that user isn't responsible for patching that security vulnerability, as AgileBits will be on the hook for that (again, their words on their site). They will need to provide the patch for that vulnerability, and, seeing how this is getting nested, provide support for that patch (read: if the patch fails to fix the vulnerability, or worse; inadvertently creates another vulnerability, they will need to patch that as well).

See the problem? Since they haven't given those versions EOL so they can be free to drop all support for them (mainline, security updates, or otherwise), that still puts them squarely responsible for the application, and specifically the security updates for that application. And as that license for it is perpetual, since they haven't listed anything EOL, those security updates are perpetual as well.

BL.

 

[gregmac19]

Strongbox only has AutoFill for Safari, and it is not clear what you need to do if you are using other browsers.

For fans of Strongbox, why would I choose this password manager over Codebook? (I realize that Codebook also only has AutoFill for Safari, but I find that Codebook's Secret Agent autofills just fine.)

 

[rmadsen3]

Strongbox either now has- or will have extensions for other browsers. macOS version has those extensions now. iOS either now, too, or coming soon.

[I like Strongbox. I don't yet use Strongbox. I'm looking to switch--soon--from 1Password v7.]

Strongbox appeals to me for two reasons: (a) KeePass file format (kdbx) works with several apps in addition to Strongbox. (b) KeePass has a critical mass and Strongbox is on the rise.

Lots and lots of people are buying- and using Strongbox. I think it'll be around for a while and I think the developer will put good effort in to development. In my opinion: Codebook is obscure--fewer users? slower growth?--so if you're looking for it to gain features, well that's not a sure thing. I want my password manager to be an app that very many other people use. I want my password-database file format to be one that more than one app uses.

[N.B. These priorities of mine come directly from the 1Password change to sub-only pricing. I've got a lot of data in 1Password and it feels as if I'm being held hostage. Maybe some apps are flashier than is Strongbox/KeePass but after this 1Password debacle I want to always have options when it comes to apps managing my data.]

It's my opinion that all current apps have one shortcoming or another. For instance macOS autofill apps (e.g., Strongbox, Minimalist) are limited by Apple constraints (e.g., no creating a new password-manager item by right-clicking in a password field?)... 1Password v7 is great but it's no longer buyable... 1Password v8 takes away features such as smartfolders... Secrets has good featureset and it's not tied to macOS autofill but still it, too, has no functionality for creating database items on the fly... I've looked at Codebook but I've not ever used the app; it's my understanding that Codebook does not allow for creating smartfolders (saved searches based on multiple criteria), which for me, is a dealbreaker... In summary: They're all bad, but in different ways.