Attention! 1Password 7.8 update for iOS 15 makes it (almost) practically useless for standalone vaults!!

[Sebski]

And this is happening: new 1Password update for iOS 15 doesn't work for standalone vaults, only subscriptions.

I installed iOS 15 and then checked the apps update in the App Store. I updated all apps, including 1Password, to version 7.8. There was nothing mentioned in the release notes that it won't work on iPhone without 1Password subscriptions. That's so annoying!! Basically, that means 1Password in iPhone is now useless because you'd have to copy and paste passwords from the app. There's no way to fill any fields on any websites using Safari

EDIT: After checking other users complaining about that on the 1Password Forums, I found that the only way to restore its functionality (not sure if fully) is to enable AutoFill in iPhone's Settings. Much more convenient for me (and I reckon other users too) was to use the Share button at the bottom of Safari window.

Also, 1Password developers admitted that they're planning to drop support for standalone vaults in the future updates... "Standalone vaults is one of the features that needed to be left behind. As such 1Password 7 will be the last version of 1Password to support standalone vaults."
https://1password.community/discussion/comment/602340/#Comment_602340

 

[usagora]

Just posted this in another thread, but for those of you concerned about cloud-based vaults, just use this simple method and imo the "problem" is solved:

 

[Velin]

Thank you very much for posting all of this. I'm still using 1Password 6, I refuse to succumb to the "subscription" model for this type of software. And I also know most standalone licenses on 1Password are having all kinds of problems with the latest versions of OSX.

Am in the process of moving everything over to BitWarden. I hate what 1Password is doing, so I'm gone.

 

[hideous cheese]

I'm not having any new problems.

I too have desktop 6.8.9 (and won't be going to 8) and was able to sync to an iCloud vault for passwords and access it just the same when using Safari on iOS15 on my phone (which I set up new after a clean install)

I was concerned about it which is why I haven't updated my iPad yet, but I'm not experiencing any difference at all with the new 7.8 for iOS

 

[Velin]

I'm not having any new problems.

I too have desktop 6.8.9 (and won't be going to 8) and was able to sync to an iCloud vault for passwords and access it just the same when using Safari on iOS15 on my phone (which I set up new after a clean install)

That's good. So perhaps 1Password standalone is still good to go for iOS 15, at least if you are using AutoFill, as the OP reports.

However, I did read on Reddit that both 1Pass 6.8.9 and 7.8 were either not opening, or crashing, on beta OSX Monterey. And as you know, 1Pass has eliminated standalone license, and is now strictly subscription. I hate it. So, I decided to make the jump now to Bitwarden, in anticipation of OSX 12.

So Bitwarden it is. I did an export/import from 1Password to Bitwarden, it worked pretty good exporting vault as a *.pif file.

 

[Shirasaki]

One more piece of software that I will not bother purchasing or even trying out, just like those games wanting to keep their games exclusive to Apple Arcade. I’m sorry. But I don’t want to subscribe to anything that I only use once or twice per year that does not have alternative. Give me this package and I can live with that package for the rest of my life if I choose to. Devs, you can update all you want, but leave me alone.

 

[hideous cheese]

However, I did read on Reddit that both 1Pass 6.8.9 and 7.8 were either not opening, or crashing, on beta OSX Monterey. And as you know, 1Pass has eliminated standalone license, and is now strictly subscription. I hate it. So, I decided to make the jump now to Bitwarden, in anticipation of OSX 12.

I saw this also.

I think it was in beta 3 of Monterey that 6.8.9 started having problems. Its not clear to me if that was fixed by later Betas or if its totally broken now. I won't be updating to Monterey until I have clarity on this.

FWIW I'm probably going to migrate to Enpass when 1Password becomes too broken but I'm also keeping an eye on the new (and free) https://opensesame.vercel.app

 

[Velin]

FWIW I'm probably going to migrate to Enpass when 1Password becomes too broken but I'm also keeping an eye on the new (and free) https://opensesame.vercel.app

Thanks for pointing it out.

 

[usagora]

I must confess I have a really hard time understanding why some people are so up in arms about $2.99/month (about a dime a day) for such a crucial type of software that we use constantly throughout the day (at least I do). If I weren't a subscriber myself, reading some of these posts, I'd be thinking "Gee, how much is 1Password charging? $50/month?" LOL! While I understand there are some free pw manager software out there and others that offer perpetual licenses that are obviously "cheaper", a 1Password subscription is already cheap to begin with. So while I obviously respect everyone's personal choice, I just don't understand the animosity I sense in some posts (and not just in this thread) about their subscription model, as if AB was trying to bilk them for all they're worth.

 

[icanhazmac]

While I generally agree and HATE the subscription model 1password has been my one exception. I make myself feel better about it by reasoning that they offer not only cross-platform support but also support for multiple browsers, that cannot be a simple task when everyone is on a different upgrade schedule.

However, with the upcoming changes I may be dropping them in favor of keychain

 

[Wildkraut]

I must confess I have a really hard time understanding why some people are so up in arms about $2.99/month (about a dime a day) for such a crucial type of software that we use constantly throughout the day (at least I do). If I weren't a subscriber myself, reading some of these posts, I'd be thinking "Gee, how much is 1Password charging? $50/month?" LOL! While I understand there are some free pw manager software out there and others that offer perpetual licenses that are obviously "cheaper", a 1Password subscription is already cheap to begin with. So while I obviously respect everyone's personal choice, I just don't understand the animosity I sense in some posts (and not just in this thread) about their subscription model, as if AB was trying to bilk them for all they're worth.

2.99 here 9.99 there, 3.99 here and 19.99 there. Subscription sucks, period.
Apple is pushing the subscription model by developing iOS in a way old Apps starts to crash and become unusable, like a vicious circle of dependency. While at the same time devs have no way to offer decent software upgrades, and this drives them to offer subscriptions.

 

[NYCValkyrie]

While I generally agree and HATE the subscription model 1password has been my one exception. I make myself feel better about it by reasoning that they offer not only cross-platform support but also support for multiple browsers, that cannot be a simple task when everyone is on a different upgrade schedule.

However, with the upcoming changes I may be dropping them in favor of keychain

Agreed. I have a few apps I pay for subs on but 1P is that one that is most worth it IMO. It's so much more than just a password keeper. I started paying for it when I had to use a windows machine for work so they would sync but even though I don't work there anymore, I have kept the sub. It's good product and devs deserve to make a living.

 

[usagora]

2.99 here 9.99 there, 3.99 here and 19.99 there. Subscription sucks, period.

Subscriptions are just reality. Everyone needs to prioritize what they choose to subscribe to based on the value they see in the product for their own personal situation. If it's not worth it for you or you can't afford it, then obviously find another solution, but don't act like AG or other software companies are doing something wrong. It obviously works for them, and it wouldn't work if they didn't have plenty of people willing to pay the subscription price.

 

[Wildkraut]

Subscriptions are just reality. Everyone needs to prioritize what they choose to subscribe to based on the value they see in the product for their own personal situation. If it's not worth it for you or you can't afford it, then obviously find another solution, but don't act like AG or other software companies are doing something wrong. It obviously works for them, and it wouldn't work if they didn't have plenty of people willing to pay the subscription price.

True, subscriptions are a sad reality, good that there are still great pay once or free alternatives.
My condolences to the 1password subscribers… all i can say…

But yeah it’s your decision to burn your money as you like.
The nearly 3000€ that i would have to pay for 1password till my EndOfLife does not worth for me, I better invest it elsewhere.

There are also other nice ways to create passwords, e.g by using formulas with salt and domain name, etc. or password cards. That way you don’t even need a software.

 

[bradl]

I must confess I have a really hard time understanding why some people are so up in arms about $2.99/month (about a dime a day) for such a crucial type of software that we use constantly throughout the day (at least I do). If I weren't a subscriber myself, reading some of these posts, I'd be thinking "Gee, how much is 1Password charging? $50/month?" LOL! While I understand there are some free pw manager software out there and others that offer perpetual licenses that are obviously "cheaper", a 1Password subscription is already cheap to begin with. So while I obviously respect everyone's personal choice, I just don't understand the animosity I sense in some posts (and not just in this thread) about their subscription model, as if AB was trying to bilk them for all they're worth.

Why? People are more than concerned for the security of their passwords, especially in risking their trust in a SaaS. For example, over 29,000 customers use PasswordState, in a subscription model...


.. that is, until they got hacked, with passwords compromised:

Passwordstate users warned to 'reset all passwords' after attackers plant malicious update | TechCrunch

More than 29,000 organizations, including governments, use the password manager.

techcrunch.com

You're more worried about the cost, while others are worried about the safety and sanctity of their data, and wanting to truly be in control of their data. Plus, with 1Password's subscription model, should you cancel your subscription, you lose all access to the data you have put on their servers.

• Do you know if you would be able to get that data off after you cancel?
• Can you be sure that they will delete that data when that subscription ends?
• Can you be sure that should any type of investigation against you happens, that the authorities won't simply subpoena AgileBits to get access to your password vault (cracking your password to get into your vault is a different issue; the problem is that the authorities would have a physical copy of your vault), instead of being more safe in your control over your data that the authorities would need a warrant to get to your data?

These are questions that AgileBits has not been able to answer, let alone anyone that is supporting the subscription/SaaS model, which leaves a not-so-warm fuzzy feeling with the user base, who can be safe in the security of their data due to having full control over it with a standalone license. There's a cost for convenience, but that cost should NOT be the security of one's data.

BL.

 

[usagora]

But yeah it’s your decision to burn your money as you like.

Yeah, you got me there. I pay $2.99 a month and I hate 1Password. In fact, I don't even use it. I just love to waste money. You've really nailed it.

 

[usagora]

Why? People are more than concerned for the security of their passwords, especially in risking their trust in a SaaS. For example, over 29,000 customers use PasswordState, in a subscription model...


.. that is, until they got hacked, with passwords compromised:

Passwordstate users warned to 'reset all passwords' after attackers plant malicious update | TechCrunch

More than 29,000 organizations, including governments, use the password manager.

techcrunch.com

You're more worried about the cost, while others are worried about the safety and sanctity of their data, and wanting to truly be in control of their data. Plus, with 1Password's subscription model, should you cancel your subscription, you lose all access to the data you have put on their servers.

• Do you know if you would be able to get that data off after you cancel?
• Can you be sure that they will delete that data when that subscription ends?
• Can you be sure that should any type of investigation against you happens, that the authorities won't simply subpoena AgileBits to get access to your password vault (cracking your password to get into your vault is a different issue; the problem is that the authorities would have a physical copy of your vault), instead of being more safe in your control over your data that the authorities would need a warrant to get to your data?

These are questions that AgileBits has not been able to answer, let alone anyone that is supporting the subscription/SaaS model, which leaves a not-so-warm fuzzy feeling with the user base, who can be safe in the security of their data due to having full control over it with a standalone license. There's a cost for convenience, but that cost should NOT be the security of one's data.

BL.

You've misunderstood my post. I'm not talking about the people complaining about cloud-based vs. local vaults; I'm talking about the people complaining about the subscription model/cost. I've already mentioned the "double-blind" method of storing passwords, which negates the concerns about a security breach or law enforcement access. And you can export your passwords (and all other items in your vault) if you decide to cancel your subscription.

 

[bradl]

You've misunderstood my post. I'm not talking about the people complaining about cloud-based vs. local vaults; I'm talking about the people complaining about the subscription model/cost. I've already mentioned the "double-blind" method of storing passwords, which negates the concerns about a security breach or law enforcement access.

Your method is a workaround, not a solution. That is the problem. And it still doesn't address the issue of security versus convenience.

And you can export your passwords (and all other items in your vault) if you decide to cancel your subscription.

Are you able to do that after you cancel your subscription?
Are you sure that AgileBits will delete your data after you cancel?
Are you sure that your digital trail with AgileBits would be completely removed after cancellation?
Are you sure that should AgileBits be compromised, that if they don't delete your data, that your vault could be compromised?

Again, none of these questions have been answered, and cost isn't a good justification for the security issues revolving around this. Like I said above, the feature of convenience should not, nor should ever come at the cost of the security of your data.

BL.

 

[usagora]

Your method is a workaround, not a solution. That is the problem. And it still doesn't address the issue of security versus convenience.

To me, it's a solution, and a good practice whether your vaults or local OR cloud-based. And of course it addresses the issue of security - that's the whole point of it!

Are you able to do that after you cancel your subscription?

Would be sort of stupid not to do it BEFORE you cancel your subscription. Sort of common sense to not cancel a service before you're done with it.

Are you sure that AgileBits will delete your data after you cancel? Are you sure that your digital trail with AgileBits would be completely removed after cancellation?

Do you want them to invite you to their server farm to prove it to you or something? You can also delete it on your own before you cancel (see previous point).

Are you sure that should AgileBits be compromised, that if they don't delete your data, that your vault could be compromised?

That's why you should use the double-blind method. Not sure what else to tell you.

Again, none of these questions have been answered

I get the feeling that no answer will be good enough for you or you'll just say you don't believe them.

 

[Velin]

I just don't understand the animosity I sense in some posts (and not just in this thread) about their subscription model, as if AB was trying to bilk them for all they're worth.

Because I don't want to be on the hook for a lifetime of endless payments for a single piece of software. I want to execute a purchase, own the app, and be done with it. Price it so it captures development costs plus an appropriate profit.

 

[usagora]

Because I don't want to be on the hook for a lifetime of endless payments for a single piece of software. I want to execute a purchase, own the app, and be done with it. Price it so it captures development costs plus an appropriate profit.

You're not on the hook for life, lol! It's an annual subscription that you can cancel and move to "greener pastures" any time you'd like. I could understand your viewpoint if it were software you only occasionally or rarely used (but still wanted to have available to you), but a pw manager is literally something people use on a daily basis, therefore I don't mind paying for the service ongoing. I feel the same way about MS Office.

 

[verdi1987]

EDIT: After checking other users complaining about that on the 1Password Forums, I found that the only way to restore its functionality (not sure if fully) is to enable AutoFill in iPhone's Settings. Much more convenient for me (and I reckon other users too) was to use the Share button at the bottom of Safari window.

This does not completely resolve the lost functionality, as there are some pages for which 1Password does not detect a fillable form. See my post here: https://1password.community/discussion/123526/share-sheet-extension.

I used to be able to use the Share Sheet extension on any page. I cannot do that now.

 

[bradl]

To me, it's a solution, and a good practice whether your vaults or local OR cloud-based. And of course it addresses the issue of security - that's the whole point of it!

Yes, it is good practice to have multiple locations of your passwords, let alone any sensitive data... as long as no-one else that is not trustworthy does not also have access to those locations. That is the problem. I can and should have control over where I put my vaults, who can and should have access to them, and the controls to them. If I store my vaults on my Mac, external disks on my Mac that I can store in a safe, store offsite somewhere where I have physical access and controls to it (for example, storage unit, parents house, etc.), then I'm good.

However, the cloud service is an attack vector that is beyond my control, and that is the issue.

Would be sort of stupid not to do it BEFORE you cancel your subscription. Sort of common sense to not cancel a service before you're done with it.

A service may require notice of cancellation before you are finally done.

Do you want them to invite you to their server farm to prove it to you or something? You can also delete it on your own before you cancel (see previous point).

A good check and balance is to have a 3rd party security firm perform audits on their security practices and have the types of audits and high-level results of those audits posted on their site for perusal by potential clients. That is what happens in the PII and PCI/DSS environment.

That's why you should use the double-blind method. Not sure what else to tell you.

Again, you're implicitly trusting the Service, instead of having explicit control over your data. You're out of luck if that explicit trust is broken due to the service being compromised, and there is no recourse for that.

I get the feeling that no answer will be good enough for you or you'll just say you don't believe them.

You would be wrong. But I also know not to implicitly or naively trust. In fact, a man once said: Trust, but verify.

BL.

 

[usagora]

Yes, it is good practice to have multiple locations of your passwords, let alone any sensitive data... as long as no-one else that is not trustworthy does not also have access to those locations.

??? The double-blind method I'm referring to is when you add a unique key to your passwords that is never stored in 1Password. It has nothing to do with vault locations. So if in the unlikely event 1Password's servers are breached AND someone happens to get your master password AND your secret key . . . they STILL wouldn't have your actual passwords.

You would be wrong. But I also know not to implicitly or naively trust. In fact, a man once said: Trust, but verify.

I trust AB is doing the right thing just like I trust that when I go to the tap, my water is safe to drink. I see no reason to be skeptical about it, seeing as their entire business is security and if they were to mishandle customer data, they're putting their entire business at stake.

 

[bradl]

??? The double-blind method I'm referring to is when you add a unique key to your passwords that is never stored in 1Password. It has nothing to do with vault locations. So if in the unlikely event 1Password's servers are breached AND someone happens to get your master password AND your secret key . . . they STILL wouldn't have your actual passwords.

Then your method is even worse; you still don't deal with the issue of that the malicious party actually HAS your vault. Again, it's a workaround to the problem; you're mitigating any further ways to access your vault, but don't resolve the issue that they already have physical hands on your vault. Your issue resolves the former problem, but not the latter. It is the latter that is the concern, because without the latter problem (the issue of them having physical hands on your vault), you wouldn't have to try to mitigate the problem. that method would effectively be drawing a newer line in the sand behind the first line.

I trust AB is doing the right thing just like I trust that when I go to the tap, my water is safe to drink. I see no reason to be skeptical about it, seeing as their entire business is security and if they were to mishandle customer data, they're putting their entire business at stake.

People said the same about Lastpass, Passwordstate, and others. Look at what happened.

Most wouldn't want to take that risk, and that risk is the crux of the problem.

BL.