1Password migrants thread

[johnkree]

That's not wrong, developers have bills and they want to get paid a salary. I think many people in the open source world take a decidedly poor view of profiting from your work. I'm not saying your one of those, but rather an overall theme for many people. Even BitWarden has to make enough money off of its subscriptions, in order to keep staff employed.

Sorry but I really can't hear it anymore. This is the number one argument for companies going subscription only, this is the number one argument for paid DLCs in gaming. Developers have to pay their bills. As if all of a sudden there are just poor developers at every corner who don't know what to do if they don't get immediately paid for every scrap of code they submit into the aether. It is a career decision. If I am a good developer and work for Microsoft or a big company I will get my monthly paycheck. If I am a freelancer then the income is not as reliable. This was very clear in the last decades and it is very clear for any other business branch. But nowadays we suddenly have a lot of friendly neighborhood developers who had suddenly success, like 1Password, Ulysses, Fantastical,... name it. They grew fast because they had a good product or a niche product and made a good UI and boom, they grow and grow and grow and want to grow forever. They either get more and more greedy or they can't afford the classic system anymore because they got too big too fast.
How can it suddenly be ok to sell a product and to stop support for it within a year, forcing the customers who paid full price to upgrade because of a simple browser addon? This is ridiculous.

Regarding FOSS:
It is a misconception that FOSS developers are poor and don't get paid for their work.
There are several ways that developers of open source software can get paid for their effort:

1. Crowdfunding
2. Donations
3. Consulting or Support Services
4. Sponsorship
5. Grants
6. Selling add-ons or plugins
7. Dual Licensing

Linux wouldn't be there without money.

That's not entirely true, the open source landscape is littered with abandoned projects, untouched code or components left to whither on the vine.

Yes. I also said popular. Sure, maybe it will be forked. Maybe it will be just kept barely alive. But I'm sure a popular FOSS wouldn't be suddenly abandoned by everyone just because a browser plugin stops working.

I worry that somehow the data get corrupted on my device or their servers and that "secret key" gets corrupted and now I am locked out of the app without all my passwords! I am sure they have something in the EULA or ToS that protects them from this.

There are so many things that can go wrong. Or better: Everything than can go wrong will go wrong.

thats 40% more

Yea, crazy, right? But there are so many more eyes on the code and maybe even more motivated people that bleed for their project and aren't just an employee doing his or her job.

TBF, I don't expect to pay once and get lifetime support especially for the browser extension since browsers are updated so often but I was hoping I would keep the 1pw and and get the extension for free riding the wave of those subscribers paying 1pw for continuous support of it.

I don't either. If Things X comes out I will gladly pay again for it. And I don't expect the old version to run forever. But I expect at least a full year or two of usage. And that it won't being abandoned because a browser will change something and the plugin won't work anymore.

Eh...not really. I have to agree to what maflynn said below. I have seen abandonment hell on Github. Those "nerds" irritate me as they keep forking and initiating a project and abandoning it. IMO you either be serious about a project or help another one instead of forking on your own.

Yes. This might be a problem. Forking and splitting up resources is a thing. But I was talking about popular projects. VLC. Firefox. Thunderbird. And so on.

Johnkree probably means developers ditching the users who paid for the software. Users who bought the software expect it to keep working. We don't buy cars multiple times a year, so we shouldn't be buying software multiple times a year.

Exactly. I mean, it just adds up to their list of greedy actions they took. Apple isn't Steve Wozniak and Agilebits isn't the small company it was in 2011. Look at their marketing. They are huge. They have 500+ employees now. And they all want to earn a living. I get that. Constant growth is so important. I get that.

 

[maflynn]

Developers have to pay their bills.

Yep, they do

As if all of a sudden there are just poor

No one in this thread ever said they were poor, your exaggerations appears just appears to be there to mock another view point

If I am a good developer and work for Microsoft or a big company I will get my monthly paycheck.

Yes, but using a 2 trillion dollar company as your example doesn't really help you move the needle or prove your point.

If I am a freelancer then the income is not as reliable.

Agreed, but you failed to mention median, you provided the Max and the Min but not the median. There are many companies that have a one or two products, and given the release schedule if they were not on a subscription, they'd have have a huge influx in money on release day, and then it falls off until years later when the next release is. That sort of income swing makes it harder for medium size companies, like Agilebits to stay on an even keel. More to the point when working with financial firms and banks, those banks want to see consistent income, not wild swings.

In short subscriptions offers a consistent and measurable way to track and report income, so you can pay your staff, work with banks and financial firms.

It is a misconception that FOSS developers are poor and don't get paid for their work.

I never said they didn't make money. Cleary the market has already chosen the more effecient way to make money, like water they find the path of least resistance and most publishers find that subscriptions offers the best way for sustained income. There's not need to spend time begging for money, i.e., crowdfunding, donations. sponsorships, grants. I'm not saying any of those options are bad, but clearly most businesses have found better ways to to use their time then asking people for money (other then charging a price.)

 

[gregmac19]

I found the following article amusing: https://www.macworld.com/article/676307/how-to-know-if-your-mac-has-been-hacked.html

Here is the comical part:

You should also consider using a password manager, as this will allow you to have multiple, complicated login details across all your accounts without having to remember them. Here our recommendations are LastPass, 1Password, and NordPass.

 

[MacBH928]

Exactly. I mean, it just adds up to their list of greedy actions they took. Apple isn't Steve Wozniak and Agilebits isn't the small company it was in 2011. Look at their marketing. They are huge. They have 500+ employees now. And they all want to earn a living. I get that. Constant growth is so important. I get that.

hires 500 employees then say we need to turn into subscription because its no longer profitable to sell license 😂😂

Agreed, but you failed to mention median, you provided the Max and the Min but not the median. There are many companies that have a one or two products, and given the release schedule if they were not on a subscription, they'd have have a huge influx in money on release day, and then it falls off until years later when the next release is. That sort of income swing makes it harder for medium size companies, like Agilebits to stay on an even keel. More to the point when working with financial firms and banks, those banks want to see consistent income, not wild swings.

In short subscriptions offers a consistent and measurable way to track and report income, so you can pay your staff, work with banks and financial firms.

I disagree. Its a money management issue. If they will take the huge lump sum at release and spend all of it its their own mistake. My proof is that many businesses made tons of money selling software pre-2005 and they became millionaires if not billionairs and they didn't seem to have any problem with banks or financial institutions. You have to keep that money and divide it over the lifespan of yet another release or take it and expand into another market/app if you want to grow.

Don't get me wrong, if I had a software company I would be happy if everyone subscribed and paid me $1K monthly for my software but we have to reach a balance of what works for the user and the software vendor/developer

I never said they didn't make money. Cleary the market has already chosen the more effecient way to make money, like water they find the path of least resista.nce and most publishers find that subscriptions offers the best way for sustained income.

I partially disagree. They are riding the wave at first when people notice one or two apps they use are switching to subscription but soon they will realize people will cut them off and will find themselves in a dark place as people notice a higher and higher bill for software "rent". Only the strong and dominant will survive. I see 3 profitable scenarios:-

1) Major and complex software that is actually cheaper to rent than to buy outright like Adobe suite and MS Office.

2) Software used in a business. If your software saves me time, makes me more efficient, and makes me money I will gladly pay for it! I willing to bet most of those subscription services are relying on businesses not home users.

3) a small dedicated user base. I can see a scenario where a small group of people (2K?) pay $10 a month for a software they really like. At $20,000 monthly income maybe its enough to cover the payment of the 2-4 developers working on it.

There's not need to spend time begging for money, i.e., crowdfunding, donations. sponsorships, grants. I'm not saying any of those options are bad, but clearly most businesses have found better ways to to use their time then asking people for money (other then charging a price.)

I completely agree. I have seen many free+FOSS software begging for money including Wikipedia and Mozilla(Firefox). People are extremely stingy especially when they hear an app is "free" (magic!). Hardly any one donates or pays. Thats why I think Bitwarden and similar others have hit the sweet spot.

Then again, I feel a lot of it is the mistake of the community. They keep forking and dividing software and each new separate projects needs its own funding then donations are too diluted to give an effect. We don't need 10 browsers, 20 Office software varieties, 100+ Linux flavours, 15 email clients... The great thing about software is its build once and copy infinitely. If the community concentrate their efforts into a numbered of dedicated projects we all can live together nicely!

 

[MacBH928]

I found the following article amusing: https://www.macworld.com/article/676307/how-to-know-if-your-mac-has-been-hacked.html

Here is the comical part:

You should also consider using a password manager, as this will allow you to have multiple, complicated login details across all your accounts without having to remember them. Here our recommendations are LastPass, 1Password, and NordPass.

Journalist gotta eat I guess 🤣🤣

 

[Alwis]

hires 500 employees then say we need to turn into subscription because its no longer profitable to sell license 😂😂

And I still do not understand, why they would need 500+ employees for a Password Manager, even a good one. What are all these people doing? Probably 20 developers and 480 in sales...

 

[MisterSavage]

Telemetry being tested for addition to 1Password.

We're changing how we discover and prioritize improvements | 1Password

Learn about a new, privacy-preserving in-app telemetry system that 1Password is trialing with its employees.

blog.1password.com

1Password to Add Telemetry | Hacker News

news.ycombinator.com

 

[toasted ICT]

Oh lovely rainbow colors. How unique...

Through the keyhole: A look at our refreshed brand | 1Password

You may have noticed that 1Password has started to look a little different. Learn more about our brand refresh, and the philosophy behind it.

blog.1password.com

 

[MacBH928]

And I still do not understand, why they would need 500+ employees for a Password Manager, even a good one. What are all these people doing? Probably 20 developers and 480 in sales...

not even 20 , there are other password managers with probably 2-4 developers. SafeInCloud has like 1.

Telemetry being tested for addition to 1Password.

We're changing how we discover and prioritize improvements | 1Password

Learn about a new, privacy-preserving in-app telemetry system that 1Password is trialing with its employees.

blog.1password.com

1Password to Add Telemetry | Hacker News

news.ycombinator.com

Yup. The writing is on the wall. Its turning rotten.

I kind of have no problem they gather anonymous data to improve their apps although I do not see those who do have a better app than those who do not but with a closed source software there is just no trust on whats going on in the background.

Personally I am on Enpass and a little bit worried.

 

[MacBH928]

Hey I stumbled upon a new one, SplashID . MSecure seems to be finally released.

Oh lovely rainbow colors. How unique...

Through the keyhole: A look at our refreshed brand | 1Password

You may have noticed that 1Password has started to look a little different. Learn more about our brand refresh, and the philosophy behind it.

blog.1password.com

View attachment 2193603

I like how they glorify their app to make it sound like it something super complex to develop 🤣

 

[bradl]

Hey I stumbled upon a new one, SplashID . MSecure seems to be finally released.

I can vouch for UC Davis using SplashID, as it is being used by both IT and non-IT staff; it is all over the place there.

Good news for it is that it appears to be a universal binary, as minimum OS requirement for it is Big Sur, which is the first to support Silicon. the UI does look a lot cleaner than other alternatives out there (yes, I'm looking at you, Enpass, and a few others), so it is more appealing to the eye. It also does support standalone vaults.

What I don't know is if SplashID Pro is needed to sync between multiple devices (iOS, MacOS, Windows). If it is required, it looks like the Pro version uses the subscription model, so ugh..

I like how they glorify their app to make it sound like it something super complex to develop 🤣

Glorify their application while not listening to what their users want. That's an easy way to tell that they are being driven by sales and marketing instead of by listening to their user base and development.

BL.

 

[Alwis]

I kind of have no problem they gather anonymous data to improve their apps although I do not see those who do have a better app than those who do not but with a closed source software there is just no trust on whats going on in the background.

I do have problems with this. It starts with simple thinks like "lets see, how often our App is started" and some day a developer decides, that it would be nice to see which web sides I have passwords for (just to improve auto filling of course) or how long and complex my passwords are (to improve the UI).

Beside that, every new functionality introduces the risk of new bugs. Some years ago Netatmo had a bug that resulted in transmitting the WLAN password unencrypted to them. Allegedly that was some forgotten debug code. So how knows, what bugs 1PW my introduce with this feature and what a developer forgets to deactivate before shipping the application.

PW managers are all about trust and I trust more the less data is transmitted.

Glorify their application while not listening to what their users want. That's an easy way to tell that they are being driven by sales and marketing instead of by listening to their user base and development.

So what do the need telemetry for in the first place, just to have more things they can ignore because they know better... ?!

 

[gregmac19]

What I don't know is if SplashID Pro is needed to sync between multiple devices (iOS, MacOS, Windows). If it is required, it looks like the Pro version uses the subscription model, so ugh..

From the SplashID web page for the Free version:

One device only
No Sync
No Backup
No Record Sharing

 

[macsplusmacs]

Well said:

mas.to

mas.to

Electron app. Cloud-only vaults. Telemetry?

What a joke.

 

[bradl]

From the SplashID web page for the Free version:

One device only
No Sync
No Backup
No Record Sharing

But it also says this for their free version:

Step 1:
Sign up for free -- just enter your email address and set a password. Your password will be used to encrypt all your SplashID records, so make sure it's a good one. From now on, it's the only password you need to remember!
Step 2:
Sync your records any way you want - with Cloud, WiFi or no sync at all, and sync your records anywhere you want - on a phone, tablet, desktop, or browser.
Step 3:
Add records for your web logins, account numbers, credit cards, and more -- any bit of information you want to keep secure but have easy access to. You can include notes in your records and even attach photos or documents.

So it's a bit confusing as to what functionality is for which version.


Another bonus is this:

SplashID Safe - Best password manager

SplashID Safe

www.splashid.com

They state that all of their applications are native, so that is a huge bonus over 1PW with using Electron. The pricing gets me: SplashID Pro is a monthly or yearly cost, but the table they provide here saying that one would pay "one price", it implies a single cost. So is it a subscription or a single cost?

It now may be worth a message to support, because this does look like a good alternative; I just wonder how it handles imports/exports of a user's vault.

This seriously does look good, and if the answers are what I like, I may be adding this to my stable.

BL.

 

[gregmac19]

But it also says this for their free version:

Step 1:
Sign up for free -- just enter your email address and set a password. Your password will be used to encrypt all your SplashID records, so make sure it's a good one. From now on, it's the only password you need to remember!
Step 2:
Sync your records any way you want - with Cloud, WiFi or no sync at all, and sync your records anywhere you want - on a phone, tablet, desktop, or browser.
Step 3:
Add records for your web logins, account numbers, credit cards, and more -- any bit of information you want to keep secure but have easy access to. You can include notes in your records and even attach photos or documents.

So it's a bit confusing as to what functionality is for which version.

It now may be worth a message to support, because this does look like a good alternative; I just wonder how it handles imports/exports of a user's vault.

This seriously does look good, and if the answers are what I like, I may be adding this to my stable.

BL.

I think their website is borderline deceitful, as there is no way you are going to get syncing for free with SplashID. Is this the type of company you want to do business with?

I don't think it is a product that has been talked about on this thread, but eWallet looks interesting to me. I mention this because it seems you have soured on Enpass, and I guess Codebook.

 

[bradl]

I think their website is borderline deceitful, as there is no way you are going to get syncing for free with SplashID. Is this the type of company you want to do business with?

I don't think it is a product that has been talked about on this thread, but eWallet looks interesting to me. I mention this because it seems you have soured on Enpass, and I guess Codebook.

I haven't soured on EnPass, as it's my daily driver now. I just wish that they could improve the look of the UI. It works, and works great as a very suitable 1PW replacement. SplashID looks to be similar, but definitely more eye appealing. Plus if various 4-year accredited colleges are using it, it definitely can be deemed trustworthy. I just know that I couldn't ask anyone at, say, UC Davis on how much it costs, or what functionalities it has, because they are basically on the Pro or Enterprise version of the software, and are already getting full functionality.

BL.

 

[MacBH928]

I can vouch for UC Davis using SplashID, as it is being used by both IT and non-IT staff; it is all over the place there.

Good news for it is that it appears to be a universal binary, as minimum OS requirement for it is Big Sur, which is the first to support Silicon. the UI does look a lot cleaner than other alternatives out there (yes, I'm looking at you, Enpass, and a few others), so it is more appealing to the eye. It also does support standalone vaults.

What I don't know is if SplashID Pro is needed to sync between multiple devices (iOS, MacOS, Windows). If it is required, it looks like the Pro version uses the subscription model, so ugh..

Unfortunately, I crossed it out of my Book. No mini agent. Last blog post from 2018. Last updated from early 2022. It doesn't seem to have much activity around it.

Glorify their application while not listening to what their users want. That's an easy way to tell that they are being driven by sales and marketing instead of by listening to their user base and development.

BL.

They are not driven by sales nor marketing. They are driven by dumb corporate number crunching business graduate. They think they will release the product they like and feed it down the throats of the people. I have seen this many times before in my life like AOL, Blackberry, and Yahoo

I do have problems with this. It starts with simple thinks like "lets see, how often our App is started" and some day a developer decides, that it would be nice to see which web sides I have passwords for (just to improve auto filling of course) or how long and complex my passwords are (to improve the UI).

Beside that, every new functionality introduces the risk of new bugs. Some years ago Netatmo had a bug that resulted in transmitting the WLAN password unencrypted to them. Allegedly that was some forgotten debug code. So how knows, what bugs 1PW my introduce with this feature and what a developer forgets to deactivate before shipping the application.

PW managers are all about trust and I trust more the less data is transmitted.

And thus why I say, if they will collect data it should be FOSS. FOSS is the solution to every privacy concern. I just do not trust 1password any more, and while I am not a developer I really do not understand why they collect telemetry because for a very long time we had very good software that never collected telemetry AFAIK

 

[MacBH928]

I haven't soured on EnPass, as it's my daily driver now. I just wish that they could improve the look of the UI. It works, and works great as a very suitable 1PW replacement. SplashID looks to be similar, but definitely more eye appealing. Plus if various 4-year accredited colleges are using it, it definitely can be deemed trustworthy. I just know that I couldn't ask anyone at, say, UC Davis on how much it costs, or what functionalities it has, because they are basically on the Pro or Enterprise version of the software, and are already getting full functionality.

BL.

Enpass has a really good shot of eating out a pie out of 1password user base if they get their act together. All they need is some polish, some improvements, and some consistency .

 

[bradl]

Unfortunately, I crossed it out of my Book. No mini agent. Last blog post from 2018. Last updated from early 2022. It doesn't seem to have much activity around it.

Interesting you should say that, as SplashID 9 was just released this morning.

However, now it's a deal breaker for me:

SplashID Pro 9

SplashID Pro 9 brings to you seamless sharing with trusted users and groups, flexible record content, authenticator OTP code generation, productive information views and third party sign in using Google or Apple accounts. Try it and experience security.

www.splashid.com

The free plan is a single device, 25 records maximum, no syncing or sharing, and no automated backups. I'm okay with the backups as I backup my vaults to my Mac as well as to my NAS, and the backup both the Mac and NAS. But the syncing, number of records, and devices are a deal breaker, meaning that most users would have to go to the Pro version, which is a yearly cost.

Ugh; subscription models really do suck.

BL.

 

[toasted ICT]

Ugh; subscription models really do suck.

Yes they do.
And while folk keep paying subs it will never change.
Funny how subs and bad corporate ethics seem to frequently coincide.

 

[johnkree]

Yes they do.
And while folk keep paying subs it will never change.
Funny how subs and bad corporate ethics seem to frequently coincide.

It is a trend and a matter of time. I mean, it is all well and fun when people have a lot of money to throw at crypto and fancy software but suddenly everything is much more expensive and people are crumbling to have enough money for their rent, car and food. And then those blown up subscription companies will suffer.
As others pointed out: It's easy to employ 500+ people when there are good times.

 

[MisterSavage]

Bitwarden is working on adding support for Passkeys.

Bitwarden (@bitwarden@fosstodon.org)

Did you know Bitwarden is working on Passkey support? The team will share updates as they become available. Using passkeys on other platforms? Tell us about your experience and what you think could be better.

fosstodon.org

 

[bradl]

AgileBits/1Password wasn't hacked, but the optics for this look bad. But it does beg to ask the question: would any of this have happened if they still offered standalone vaults?

No, 1Password wasn’t hacked – here’s what really happened

1Password users recently got a worrying alert saying their password manager Secret Keys had been changed behind their backs. Yet all was not what it seemed.

www.digitaltrends.com

BL.

 

[maflynn]

Telemetry being tested for addition to 1Password.

Based on this thread: https://1password.community/discussion/139214/telemetry-function
It looks its going to be an opt-in setup, not a forced collection of usage.

Hey I stumbled upon a new one, SplashID

Now that's a blast from the past. I was using SplashID back in 2007, I actually forgot about its existence. If memory serves me, back in those early versions, it was more of a digital wallet that held your passwords. No integration to fill in userids/passwords. I think I stopped using it by version 4