1Password migrants thread

[drumcat]

The reason local vaults were removed was due to 1Passwords foray into the business sector. Without local vault compromise etc., businesses would be more willing to sign on. The private sector users are a casualty of 1Passwords new business focus, in my opinion.

There was never any reason to not make a "personal" and "business" product. They left all of us with buggy, unsupported 1p7 for those of us who ponied up for a perpetual license. I sorta wish it was a 5 year license to be more realistic, but between the often crashes, the removal of file saves over 5mb, and the inability to do anything but monthly, I was out.

Unfortunately, no one seems to be filling their niche well.

 

[Apple_Robert]

There was never any reason to not make a "personal" and "business" product. They left all of us with buggy, unsupported 1p7 for those of us who ponied up for a perpetual license. I sorta wish it was a 5 year license to be more realistic, but between the often crashes, the removal of file saves over 5mb, and the inability to do anything but monthly, I was out.

Unfortunately, no one seems to be filling their niche well.

1Password screwed me over with version 7 license which they changed to a sub without my o.k. I left after that happened and have been pleased with Strongbox and no sub.

 

[Mr. Heckles]

There was never any reason to not make a "personal" and "business" product. They left all of us with buggy, unsupported 1p7 for those of us who ponied up for a perpetual license. I sorta wish it was a 5 year license to be more realistic, but between the often crashes, the removal of file saves over 5mb, and the inability to do anything but monthly, I was out.

Unfortunately, no one seems to be filling their niche well.

They can easily make money off of the stand alone. If a person wants it, they get it. But if they need support, charge a fee then. I like 8 a lot, and you're right, no one seems to be filling their niche well.

With 1Password's secure notes, I can't do the same with StrongBox. I have a secure note that has all the logins for my Macbook, and you have to select to see the passwords. StrongBox won't let me do this.

 

[MacBH928]

For me, using Electron to write apps has a distinct whiff of laziness. It does a lot of the work for you, but IMHO the downsides outweigh the upsides.

1PW shouldn't be using Electron out of lazniess with their 400 employees, large user base, and subscription model. I do not know how difficult it is, but if writing 1 app that works universally across all OS's is nice especially for Linux folks who get left over (i am considering switch to Linux).

Iliumsoft eWallet is indeed interesting. I've been using it since 1997 (that's 26 years in case you missed math during the lockdown years). Can you imagine that? PalmOS and Blackberry and WindowsCE (oh my!). When a platform goes mainstream, Iliumsoft crosses to it and keeps current, incl. iOS, Mac, Windows and Droid (no eWallet for you 23 Linux desktop users). Can't wait to see how they render eWallet for visionOS. Ha! vOS is never going mainstream at $3500 just to dip a toe. Prove me wrong before a horse gets me. ("Uh, Mister 'Rat, sir, Meta would like a word.").

I can report non-stop reliability with these features:

• The working database stays on-device, encrypted with AES 256.
  • I've never had a migration error that put my credential stash at risk. One time, I got spooked, reached out. They replied immediately, to paraphrase: "Don't be a drama queen. Just click it; it'll be fine." I did. It was.
• Security integrates with the device (PW, TouchID, FaceID, CavityProbe.)
• Its "cloud synch" feature uses YOUR cloud drive - Google/DropBox/iCloud/OneDrive.Settings allow synch or overwrite in either direction, auto or manual.
  • I do not, will not, trust hosted cloud services to protect data. "Cloud" means it's not your computer, not your storage, your data is not your property, and you waive your rights or sue in court for tortious infractions.
  • Cloud app hosting hacks happen ALL the time, to varying degrees. CISA and FBI reporting regulations are vague enough that app hosting services can tap-dance around 90 percent of incidents, especially if they host off-shore.
  • When quantum tools get out of the lab, almost no service provider will be prepared for the impacts. One really shouldn't leave your data out of one's sight, waiting for it to happen.
  • Of course, Google/DropBox/iCloud/OneDrive have their own attach surfaces. There is no such thing as risk avoidance; best you can do is risk management.
• Peer-to-peer synch works across platforms, auto or manual.
• Cross platform feature parity, and I've used them all, from Palm Pilots to Sonoma and iOS 17 and Win 11.
• Credential records can be exported to new wallet files, or to text, so you can staple it to your will, in case a horse gets you.
• Can auto-enter passwords for web sites, more or less like Apple's Keychain.
  • I leave auto-entry to Keychain, manually copy important passwords from keychain to eWallet.
• NO SUBSCRIPTION (so far), no advertising embedded, free demo mode.
• The company is American, with no detectable foreign influence.

Iliumsoft seems to keep publicity on slow-burn. They have a presence on Facebook, but rarely post. eWallet hardly EVER comes up in trade discussions and comparisons. One must search and unearth it. And that's fine. Public sentiment is trustworthy only when it is organic. Hype-chained PR causes trouble, distorts reality.

too low-key for me to trust with the most important data I have.

I always like trying new apps incase of an emergency and I need to change, and I like to be ready. So the new password manager I am trying (again) is StrongBox.

When I last tried it, I don't remember seeing Google Drove and others to sync. I have it set up for only me right now and I have 3 months for free to play with it. I have 3 vaults right now, 2 are synced though iCloud and 1 synced though Google Drive. The one though Google Drive is my work vault and I am trying to find something that I can use on my Work computer that is for the web browser only (seeing I can't install programs on it). I found KeeWeb and it does the job, but it's not smooth, so I am open to suggestions. If I like this, I might switch everything to Google Drive so I can sync to my Linux computer.

My issue are my inlaws and parents. My kids and wife I think will get use to this, but I need to make it easy for the "old folks".

Its ugly, but Bitwarden is free and works super well . Best autofill i found. Have you considered it?

One thing that puzzles me and gives me pause though, is why they took the decision to keep customers' data on their servers anyway. What is the point of this? They must know that customers by and large feel safer with local vaults, so why not allow them to have them?

1- Excuse to make you pay monthly, because now its a "service" not an "app"
2- In all honesty, the seamless experience of cloud sync is much more convenient than have to manually sync especially for the less techy people.

1Password must surely read the comments and fears here: why don't they respond?

They do and afraid to respond because everyone exposed their business tactics but in all honesty a business is not responsible to chat over the web with their customers. Usually they have a dedicated forums for that and that is very acceptable.

What, if anything, does 1PW offer that I can't get anywhere else?

Well, what everyone else said here. Every other app has something but 1PW has it all in one package. For me the killer feature is the mini-assistant which I have hard time believing not many other people have a use for it. The only other PM that works in a similar way is Enpass which is what I am using.

It's more like what it used to have before it all went wrong, which I suspect is the bone of contention: a great UI, great password-saving and auto-filling functionality in a 'real' macOS app, as well as local vaults synced how the customer prefers. It had just about everything.

Now it's sluggish, "un-Mac" Electron, and mandatorily online vaults (why, no-one seems to know). I mean people are now (including myself) questioning 1Password's honesty and integrity going forward, and understandably looking for alternatives.

Correct. I was a 1PW preacher before they went evil. Albeit I have to say Bitwarden has better auto-fill and when it comes to trust FOSS will always win over proprietary.

The reason local vaults were removed was due to 1Passwords foray into the business sector. Without local vault compromise etc., businesses would be more willing to sign on. The private sector users are a casualty of 1Passwords new business focus, in my opinion.

I don't understand why they couldn't put an option that is like:
Sync with -> Cloud storage
Sync with -> Local file

seem a minor adjustment and makes everyone happy. Its a file being synced , be it local or online, just point towards it. Everything else should work the same. No?

I once had a Netatmo device that send my WLAN key unencrypted to the server of the manufacturer. The reason was a forgotten debug statement.

😳

There was never any reason to not make a "personal" and "business" product. They left all of us with buggy, unsupported 1p7 for those of us who ponied up for a perpetual license. I sorta wish it was a 5 year license to be more realistic, but between the often crashes, the removal of file saves over 5mb, and the inability to do anything but monthly, I was out.

Unfortunately, no one seems to be filling their niche well.

What did you settle for? Enpass is the closest thing to what 1PW was. I warn you, its not as smooth of an experience.

 

[Mr. Heckles]

I left after that happened and have been pleased with Strongbox and no sub.

I am trying StrongBox for fun and see what else is out there. How long have you been using it?

Its ugly, but Bitwarden is free and works super well . Best autofill i found. Have you considered it?

It's ok. If I was to go stay with a password manager that stores on their servers, i'll just stay with 1Password. I know I can host it, but I don't want to deal with that for a family. If it was me, ok then, but not a family. In the end, I'll probably stick with 1Password, but I am constantly trying different ones for fun.

 

[Apple_Robert]

I am trying StrongBox for fun and see what else is out there. How long have you been using it?

It's ok. If I was to go stay with a password manager that stores on their servers, i'll just stay with 1Password. I know I can host it, but I don't want to deal with that for a family. If it was me, ok then, but not a family. In the end, I'll probably stick with 1Password, but I am constantly trying different ones for fun.

Since 2020.

 

[ipaqrat]

I am trying StrongBox for fun and see what else is out there. How long have you been using it?

It's ok. If I was to go stay with a password manager that stores on their servers, i'll just stay with 1Password. I know I can host it, but I don't want to deal with that for a family. If it was me, ok then, but not a family. In the end, I'll probably stick with 1Password, but I am constantly trying different ones for fun.

FUD surrounding the latest 1PW hack story seems a bit... Overreactive? Obvz, skepticism is healthy and there are considerations for lifestyle and tradecraft. But the article about 1PW's tech support getting porked is actually a SUCCESS story of sorts. The hack was tertiary, handled without impact to core line of business, revealed due diligence, and lawfully reported. Given human society's level of IT maturity in general, that's pretty not-bad. Of course, there could well be more shenanigans we'll never know about.

 

[eltoslightfoot]

FUD surrounding the latest 1PW hack story seems a bit... Overreactive? Obvz, skepticism is healthy and there are considerations for lifestyle and tradecraft. But the article about 1PW's tech support getting porked is actually a SUCCESS story of sorts. The hack was tertiary, handled without impact to core line of business, revealed due diligence, and lawfully reported. Given human society's level of IT maturity in general, that's pretty not-bad. Of course, there could well be more shenanigans we'll never know about.

I have to say that I agree with this. I have my issues with 1Password's pricing structure, but this is an example of good security.

 

[Mr. Heckles]

FUD surrounding the latest 1PW hack story seems a bit... Overreactive? Obvz, skepticism is healthy and there are considerations for lifestyle and tradecraft. But the article about 1PW's tech support getting porked is actually a SUCCESS story of sorts. The hack was tertiary, handled without impact to core line of business, revealed due diligence, and lawfully reported. Given human society's level of IT maturity in general, that's pretty not-bad. Of course, there could well be more shenanigans we'll never know about.

Not overreacting at all, and that had nothing to do with it. I am constantly trying new apps all the time, especially password managers. If they (1Password) go out of business or anything, I want to ready to jump to something else.
StrongBox is the 1st one in a while that I am trying that is Keepass compatible and the 1st Keepass password manager I am trying since my parents and in-laws started to use a password manager.

 

[ipaqrat]

Not overreacting at all, and that had nothing to do with it. I am constantly trying new apps all the time, especially password managers. If they (1Password) go out of business or anything, I want to ready to jump to something else.
StrongBox is the 1st one in a while that I am trying that is Keepass compatible and the 1st Keepass password manager I am trying since my parents and in-laws started to use a password manager.

Sry, meant to reinforce your statement, not argue agin' ya. I know, rather unlike me. Surprise!

 

[svenmany]

My sense is that the real risk is always the software. If bad software is pushed out for any product, all bets are off. This applies to software that keeps vaults locally. Certainly, it malicious software is pushed out, credentials will likely be transmitted offsite.

 

[MacBH928]

Not overreacting at all, and that had nothing to do with it. I am constantly trying new apps all the time, especially password managers. If they (1Password) go out of business or anything, I want to ready to jump to something else.
StrongBox is the 1st one in a while that I am trying that is Keepass compatible and the 1st Keepass password manager I am trying since my parents and in-laws started to use a password manager.

If you are looking for local storage mSecure looks nice and there is StickPassword. If you ever give one a shot I would like to hear your opinion on it.

As we all know, when it comes to security, its not about the looks. I am afraid to trust a more obscure developer than a mainstream one.

 

[Mr. Heckles]

If you are looking for local storage mSecure looks nice and there is StickPassword. If you ever give one a shot I would like to hear your opinion on it.

No linux and they pulled a 1Password. People are mad at 1Password going subscription, but mSecure did the same thing with mSecure 6. It's the same price for family, but I get way more with 1Password (and linux). I don't care about the subscription, but I find if funny they did the same as 1Password and I barely see anything.

As we all know, when it comes to security, its not about the looks. I am afraid to trust a more obscure developer than a mainstream one.

You're right about looks vs security, but it also has to be user friendly. A mainstream developer has a lot more to lose also if they mess up. People will nitpick at them more and try to prove them wrong. It's like when I was a just a regular worker bee, I made a mistake, no one really cared....I only had my boss to worry about. Now in management and I make a little mistake, all the people below me will be quick to point it out... and I have to still worry about my boss at the same time. So now I have to be extra careful and make sure I do everything right.

 

[drumcat]

What did you settle for? Enpass is the closest thing to what 1PW was. I warn you, its not as smooth of an experience.

I got Minimalist while they sold perpetuals. They've yanked it, but since I did the work, I'm still on that. It's not great UI IMO, as they don't handle basic categories well, but I'm mostly worried there's going to be a deprecation just like 1P did. Writing is on the wall when they pull the perpetual.

I wish someone would look at the perpetual+ model where you get 2 years of updates, then you're frozen but it works. I'd be happy to sign up for that because the incentives are correct for everyone. Like Agenda does, and others of course.

 

[MacBH928]

No linux and they pulled a 1Password. People are mad at 1Password going subscription, but mSecure did the same thing with mSecure 6. It's the same price for family, but I get way more with 1Password (and linux). I don't care about the subscription, but I find if funny they did the same as 1Password and I barely see anything.

That was not a smart business decision. When you are competing you want to give a reason for people to switch. Giving same features as the competition with fraction of the user base is suicidal business. I bet if they sell a license they will gain much more users.

either way, I would still trust 1PW more. At least there they are multi-million worth and have professionals working. If mSecure shuts down I think barely any one would notice. Better safe than sorry.

I wish someone would look at the perpetual+ model where you get 2 years of updates, then you're frozen but it works. I'd be happy to sign up for that because the incentives are correct for everyone. Like Agenda does, and others of course.

2 years is too short. For $50-100 license I would like to see at least 5 years then you are on your own.

Subscription works well for business but not individuals. MS Office sells for like $60 or so for individual license and up to 5 computers installed but for business you have to buy a minimum of $8/user/M . Honeslty makes sense and cheap, you will get so much more worth out of MS Office for $8 doing business.

Also, when its subscription you don't want to drop $500 license in your business and find it not working on the next Windows/Mac OS upgrade, so subscription works better. Pay-as-you-go kind of thing.

 

[drumcat]

I wasn't trying to suggest more than a $20/year price. The point is still being a true subscription where you keep it as-is when you're done, instead of the normal rental process that's mislabeled a "subscription".

 

[bradl]

That's what I am using.
Is AgileBits actively updating it for security related issues? I haven't seen an update on my phones in a long time...
I haven't installed the Mac app on my new machine yet. Is it native Apple Silicon? Does it still receive security updates?

No. 1PW 7 is NOT native Apple Silicon. It is a FAT/Universal binary, for both Intel and Silicon. If you are still using that, especially as a standalone client, You're in the sweet spot. I'd suggest not migrating to anything else, as that binary will continue to work forever, as long as you keep the license key to your standalone client.

The last update with 1Password for Mac was 7.9.11, released July 2023. For iOS 7.10.2 was released February 2023. No security bugs mentioned in the release notes, more along the lines of deprecating standalone vaults and browser extensions. Watchtower still updates as does haveibeenpwned.com.

Version 7.x is working OK for me on iOS 17 and MacOS 14 using Safari.

If that update removes the ability to use standalone vaults, then the standalone situation is even worse now, which would force anyone who does not want a SaaS to hold/host their vaults to migrate. If one has a version of 1PW 7 lower than 7.9.11, I wouldn't upgrade from that; the ability to use your vault would outweigh any security updates for that version.

BL.

 

[svenmany]

The point is still being a true subscription where you keep it as-is when you're done, instead of the normal rental process that's mislabeled a "subscription".

That it's a mislabeling depends on what you think you're subscribing to.

If you think of it like a magazine subscription, where you can keep previously delivered magazines after you cancel your subscription, then your perspective makes sense. If instead you consider the functionality of the software as what you're subscribing to (which is how I think of it), then it's not a mislabeling. Just as with a streaming service, when you cancel your subscription, you no longer have access to the functionality it was providing.

 

[drumcat]

That it's a mislabeling depends on what you think you're subscribing to.

If you think of it like a magazine subscription, where you can keep previously delivered magazines after you cancel your subscription, then your perspective makes sense. If instead you consider the functionality of the software as what you're subscribing to (which is how I think of it), then it's not a mislabeling. Just as with a streaming service, when you cancel your subscription, you no longer have access to the functionality it was providing.

If I can introduce you to BusyCal, Agenda...

I get what you're saying; the goalposts moved. But a true subscription model exists. You keep what you buy, but you don't get new features.

When you went to a video store back in the day and rented a video, you returned it.
When you rent an apartment, you leave it.
When you subscribe to those stupid box-a-month things, you keep the things.

Marketing took the word subscribe and substituted it for rent, and we all accepted it.

It's not unique… the words altitude and elevation are another example of marketing evolving the definitions through brute force.

shakes_fist_at_cloud.gif

I get it. My dislike for this devolvement isn't going to change it. However, I can point out that there are working models where you can get a time-limited license that reverts to perpetual, and I think it's not only ethical, but the best way for non-SaaS to move. Traditional buy-once product models would do well to move to this true subscription.

I think the only thing that's really missing is good marketing word to describe this. That's because 'subscription' has already been misallocated.

How about stealing the word "residual" for this?

 

[svenmany]

If I can introduce you to BusyCal, Agenda...

I get what you're saying; the goalposts moved. But a true subscription model exists. You keep what you buy, but you don't get new features.

When you went to a video store back in the day and rented a video, you returned it.
When you rent an apartment, you leave it.
When you subscribe to those stupid box-a-month things, you keep the things.

Marketing took the word subscribe and substituted it for rent, and we all accepted it.

It's not unique… the words altitude and elevation are another example of marketing evolving the definitions through brute force.

shakes_fist_at_cloud.gif

I get it. My dislike for this devolvement isn't going to change it. However, I can point out that there are working models where you can get a time-limited license that reverts to perpetual, and I think it's not only ethical, but the best way for non-SaaS to move. Traditional buy-once product models would do well to move to this true subscription.

I think the only thing that's really missing is good marketing word to describe this. That's because 'subscription' has already been misallocated.

How about stealing the word "residual" for this?

I don't think it's marketing changing the definition of subscription. I like this excerpt from https://www.merriam-webster.com/dictionary/subscription

an arrangement for providing, receiving, or making use of something of a continuing or periodic nature especially on a prepayment plan

I think you define a software subscription as "receiving something of a periodic nature" - the software. You keep what you've received, the versions available during the time you were subscribed.

I define a software subscription to mean "making use of something of a continuing nature" - the software's functionality. You can't make use of it once you stop subscribing.

Two subtly different definitions, but both valid.

 

[twb01_98]

So as you know 1Password is forcing you to the subscription model which is something I refuse to pay for a simple piece of software that is basically a glorified password protected spreadsheet file browser. I am fed up of subscription model and greedy companies that abuses it. I have already paid license which I believe was $60 twice for an upgrade making the total $120.

Please share your experiences with trustworthy password managers. I have already tried Bitwarden, its an option but the GUI is ugly that could use real work and the browser plugin is just too much imo. I also didn't had an issue where if you have multiple accounts it will only auto fill the top one meanwhile 1password gives you the option to choose which one to use. Another thing is I want to store my password locally and not in the cloud, not sure why everyone is forcing a cloud account.

I could be wrong but LastPass seems untrust worthy, I heard a lot of shady issues with them.


---TL;DR---

After much research, these are the better options out there.
AgileBits is officially evil for me with dark pattern business behaviour.

The following are suggestions but not recommendations

--Multiplatform--

EnPass: near 1:1 replica of 1password, has license but I am scared they abandon it and turn evil in the future. But they just reintroduced it. ($40 on StackSocial over the regular $80)

Codebook: Autofills only in the Safari browser (LINK)

StickyPassword: looks promising but never tried it and don't know much about it.

SafeInCloud : Developed by 1 guy but seems popular

--FOSS--

ّ-Bitwarden : best FOSS imo but uses their cloud storage. You can use your own storage but complicated to setup.
( Bitwarden Mini Review )

---

All apps based on KeePass use same database file format (KDBX) and can sync with each other. Extensions, desktop, and smartphone apps:

-KeePass: Windows only (KDBX)

-KeePassXC Uglist and most unintuitive password manager I saw but works, desktop only (KDBX)

-Keeweb.info desktop only (KDBX)

-MacPass: mac desktop only (KDBX)

-Keepassium: Apple only (KDBX)

-KeePassDX : Android only (KDBX)


--If you don't mind subscription but don't want to deal with 1PW/Agilebits any more---

Roboform:- $23/year

Dashlane:- $60/year

PasswordBoss: $30/year

EnPass:- has subscription option for $24/year

Keeper:- $35/year

--If you are on Apple only devices---

-Strongbox (KDBX)
-Minimalist
-Secrets

all made by smaller teams nearly only 1 developer
---------------------------------------------------------------------------------------------------------

I'll probably get flamed for asking, but why not use keychain??

 

[MisterSavage]

I'll probably get flamed for asking, but why not use keychain??

I store other things besides passwords: credit cards, software license keys, etc. It's nice having my passwords on non-Apple devices when that need arises also.

 

[Coltaine]

I'll probably get flamed for asking, but why not use keychain??

I store other things besides passwords: credit cards, software license keys, etc. It's nice having my passwords on non-Apple devices when that need arises also.

I have indeed considered moving to iCloud Keychain altogether, but I have to agree with MisterSavage. iCloud Keychain can only store Passwords/Passkeys and OTPs, but no additional information. It is by far not as versatile as 1Password. Maybe if iCloud Keychain was made into a full-fledged standalone app with all the functionality of 1Password, I would consider moving.

 

[berb]

If that update removes the ability to use standalone vaults, then the standalone situation is even worse now, which would force anyone who does not want a SaaS to hold/host their vaults to migrate. If one has a version of 1PW 7 lower than 7.9.11, I wouldn't upgrade from that; the ability to use your vault would outweigh any security updates for that version.

1Password 7.9.11 can use standalone vaults, sorry if I described it poorly.

Release notes:

1Password for Mac Release Notes

 

[Alwis]

I have indeed considered moving to iCloud Keychain altogether, but I have to agree with MisterSavage. iCloud Keychain can only store Passwords/Passkeys and OTPs, but no additional information. It is by far not as versatile as 1Password. Maybe if iCloud Keychain was made into a full-fledged standalone app with all the functionality of 1Password, I would consider moving.

That and some other features missing in the Keychain and the fact, that the iCloud Keychain stores passwords in the cloud to, which is the reason why I am not updating to 1PW 8.