But if you do that, are you not kicking the can of trust down the line? What I mean by that, if you use BW, 1PW, or whatnot. You're trusting their processes are such to protect your vaults. If you host it on your cloud based system, then you're trusting that cloud based system's security.

I don't have enough knowledge in that area to actively ensure my data will be just as protected as if it was hosted by a password manager. I'm not saying you can't, it's me that lacks the knowledge. But as I see it, you need to ensure the cloud system you're using does their due diligence.
Yes, but the difference is I don't use my cloud server outside my lan. It is completely cut off from the internet.
 
I don't doubt you've considered the risks of home storage, but everyone needs to be aware of them. A home fire could destroy all your backups. A home theft would likely involve your computer equipment and potentially result in distribution of your vaults.

Certainly for the first hazard, one has to have multiple physical locations for storing the vaults, with no internet used to make the transfer. For the second hazard, the user has to be sufficiently sophisticated to ensure the devices used are thoroughly secured - ideally at the quality level of 1Password where very long secret keys combined with passwords are used.
 
That assumes no offsite backups, nor the ability to restore from a client…which I have both. That said, yes, backups are very important.

As for the theft, it’s encrypted.
 
Good points.

As soon as someone does an offsite backup to a cloud provider, then they are somewhat in the same boat as people using the password provider's cloud storage.
 
Have been a habitual purchaser of 1Password licenses for as long as I can remember. I'm still using 1Password 7 on a perpetual license and have now started to migrate to iCloud Passwords. I exported my passwords to .csv file and imported them into iCloud password. This procedure worked very well. Have now turned off the 1password extension in Safari and am testing now. So far the transition has been very smooth. Am slowly transferring my software licenses and secured notes to secured Apple Notes as well.

Will test for a few months. So far it seems like the native iCloud passwords solution seems to be quite robust. Waiting for Sonoma to test out the Chrome extension for iCloud Passwords as that's the only other browser I use occasionally.
 
Food for thought: I have a license with 1password for multiple macs (it's the legacy software before their enforced account process: they have publicly stated that our previously bought licenses are good). Well, this week I tried to install it on a new mac and found the software is no longer publicly available either on the mac app store or on their website, so I asked customer services to send me a link to download the classic app (which, just to confirm, works absolutely fine). Customer services refused. And do be assured, the software is available and still receiving regular updates on my other mac. They were perfectly happy to leave me high and dry, unable to access all my passwords. In my case, it happened to be because I was adding the software to a new mac, but it could have been a clean install on the only mac I owned. They didn't ask, didn't care. Just wanted me to get my wallet out and pay for something new. That, for me, is a big eye-opener. It made me realise that if these guys pull the plug one day and everything is in their cloud, we are stuffed! We are just basically holding on to their goodwill but apparently, customer service is a bit like the red dot in 2001: A Space Odyssey ;)
 
Food for thought
Here's my thought
there's a difference between supporting existing deployments and allowing installs on a discontinued product.

I'm not really defending 1PW or their customer support but I can see them not permitting new downloads to a product that was discontinued but providing support for that same product. A time is coming where 1PW will not be updating older apps and it will stop working and/or become risky due to lack of security updates.

Actually in googling for this post, I see that the classic extension supposedly stopped working in July 2023, so the writing is on the wall. Move off the current version of 1PW and either upgrade, or find an alternative.

As for yourself, why can't you copy the application to your applications folder on the new mac?
 
Yeah I’m not too bothered about my specific circumstance. I found the software on another website so I was able to manage. But the point is you are exchanging one risk for another. Imagine that one day the pricing goes through the roof or the app is again discontinued, or indeed the rules change in any way whatsoever. You’re stuck. So for me the fact that their customer service were willing to leave me high and dry is very telling. That is the lesson for me, not the detail but the general message
 
They didn't ask, didn't care. Just wanted me to get my wallet out and pay for something new. That, for me, is a big eye-opener. It made me realise that if these guys pull the plug one day and everything is in their cloud, we are stuffed! We are just basically holding on to their goodwill but apparently, customer service is a bit like the red dot in 2001: A Space Odyssey ;)

This is a main reason why I left 1password. Their business tactics I believe are evil and not friendly towards the paying customer.

The question is, is the data (passwords) stored on their servers, or is it stored locally, just synced via their servers?

If this means: no internet -> no passwords, things are getting pretty scary because I store a lot more than just website logins in my password manager.

If you purchased the software they should always have a copy to download it again even if it's no longer supported. Otherwise it feels like an aggressive behaviour.

That being said, I am not sure how this has been handled throughout software history. Once a software vendor no longer sells an app, do they keep a download link for those who purchased previously, or is the general behaviour "We gave you the app on purchase date, we are not responsible to re-provide it for you"?
 
My patience is growing thin with Enpass. I can no longer recommend it. It works and everything as usual, but the developer is extremely unresponsive about its quirkiness and there are hardly any improvements or advancements. It feels like they released a piece of software and are trying to suck as much money out of it without any further improvements.

Unfortunately, it's the closest software to mimic 1password features. I was really hoping the developer would grab the opportunity and collect most 1password migrants but it really feels like they dropped the ball.

Currently I am mostly using it for the mini assistant and I am considering Codebook for that.
 
I wouldn't run a password program that you found on a website that wasn't run by the creator of the program. There's a chance that the software will have a trojan horse in it and steal your passwords after you use it to unlock your vaults.

I think it's pretty reprehensible that 1Password won't support you in providing a copy of a program you have a license for. They surely have a copy. I would make this situation public on their forums.
 
If this means: no internet -> no passwords, things are getting pretty scary because I store a lot more than just website logins in my password manager.

There is a local copy that gives you offline access to your passwords. They also have a thorough local backup process. I make backups (to CSV and to a file in their own format) to a local encrypted volume after I've made password changes.
 
Well the point is though, it’s still being supported; there was an update a couple of days ago so it quite obviously is available. They made a choice not to make it available to me even though I have a legit license. Judge yourself.
 
Just store the passwords in Numbers. It is free. I don't mind the subscription fee for 1Password. I trust it and I see that with that revenue, they are able to keep on improving it. It is one of the few subscriptions I have other than Apple One and SetApp that are mandatory for me. SetApp has something called "Secrets" that is one of the many applications they provide but I prefer 1Password. Maybe SetApp is something else to consider using the Secrets App.
And then save it into an encrypted disk-image (Truecrypt is open-source and free)
 
You might find a good alternative to Enpass if you quit trying to find software that looks and operates like 1Password. That mindset strikes me as odd, given you left 1Password.
 
I believe what he is (and most people are) looking for, is something as feature-rich as 1PW, but without the network (read: cloud) requirement, and possibly without the subscription model. To date, Enpass is the closest to feature rich as 1PW without the subscription model, and as such would be in the best position to pick off those customers who are upset with 1PW and their current machinations.

BL.
 
I believe he has been looking for a 1Password clone, if you look over his post history in the thread. That is why he went with Enpass, if I am not mistaken.
 
Exactly what @bradl ,

I do not see a problem of finding an alternative with similar features. It's not something new in the software world.

  • Browsers
  • Text Editors
  • E-mail providers
  • Word Processors
  • Torrent downloaders
  • Instant Messaging apps

and others all pretty much do the same thing with similar feature set.

Just to prove I am not looking for a 1password "clone" here are some 1password features I can do without.

  • Phantom wallet integration
  • Privacy.com integration
  • Fastmail.com integration
  • File attachments
  • Family accounts
  • Watchtower
  • SSH key generating
  • Passkeys
  • Emergency Kit
 
Apparently, the patch Apple released for Ventura, Monterey, iOS, and iPadOS weren't the only ones affected by the bug and CVE that the update fixed.

Browsers were affected by it, since the issue was malware that could be embedded in an image; as such, 1Password is also affected.


Makes me wonder if any other password managers that handle images are also affected.

BL.
 
Hi Brad,

Thanks for the info!

Although I read the article and some of its references, I am having trouble understanding this exploit relative to password managers. However, it seems like the problem would only affect those who connect to a server for their password information. Is this correct?

Thanks,

Greg
 
You're correct, but there is more to it. 1Password can actually store images as well; if that image is a WebP image, and contains the malware, then that malware could contain the means to expose your data in your vault, or even send that data elsewhere. The excuse of "well, my vault is encrypted" wouldn't matter, because the image - and by extension, the malware in the image - would already be in the vault, so encryption wouldn't matter.

BL.
 
So is the problem in the image format that has this exploit, or in the software that interprets this image and displays it?

If it's in the software then all apps and all OSs should update, what a mundane task. This sounds like a 90s hack where you open a file with a virus from your email and it takes over your computer. I thought we were past this already.
 
It's in the codec for the image, so effectively the image format. This means that any image that uses that codec for rendering could host the malware: like a trojan. Because various software (including operating systems) has the means to render that image, they all would be vulnerable to that method of attack; therefore, all software (operating systems, applications, mobile apps, etc.) would need to be updated.

BL.
 