Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Is 1Password worth it?

I use 1Password and I love it. The features I like the most that are missing in Keychain.app are 1) folders/tags, 2) show me weak passwords, 3) show me old passwords, 4) show duplicate passwords, 5) their "watchtower" feature that shows sites I use that have been hacked recently.

Endlessgo said:
Well but it could be bruteforced more easily, couldn't it? Because there is no second factor to protect your vault. With 1password a hacker would still need your secret key. Even if he guessed the master password correctly he couldn't access your vault.
Click to expand...
Take a look at https://blog.elcomsoft.com/2017/08/attacking-the-1password-master-password-follow-up/ and https://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/. Long story short, no one will crack your 1password master key anyday soon.
 
I own standalone 1Password 6 for Mac (on Sierra), and on iOS, and 1Password 4 for Windows. I've been buying and upgrading standalone licenses since 2010.

Here are my expenses over the years:

Mac (total: $64.94):

- 2010-12, Agile 1Password 3 for Mac, $39.95.
- 2013-10, Upgraded to 1Password 4 for $24.99 during the launch celebration, which was half of its full price ($49.99), and 50% off the normal upgrade price ($34.99).
- Version 5 and 6 for Mac were free upgrades for v4 owners.

Windows (total: $20.31):

- 2016-09, Crossgrade for $20.31 to 1Password 4 for Windows, from Mac version.

iOS:

- Totally threw away my receipts and forgot, but I've bought every version and all Pro upgrades over the years, even back when they used to sell iPad and iPhone versions separately. So perhaps something like 5*$10 = $50 (I'm counting iPhone, iPad, Pro upgrades for both, then the Universal app upgrade, then the Universal pro upgrade).

Total-ish: $64.94 + $20.31 + $50 = $135.25 over a ~6.5 year period. That's ~$20.80 per year. In other words, $1.734 per month.

The subscription costs $2.99 per month for a single user. Or $4.99 per month for a 5-person family (with unlimited extra users addable for +$1 per user).

I would use a family plan and share it with friends. So a subscription would cost me $1 per month. That's less than I've already paid "per month" for 1Password over the years.

Soon, they will release 1Password 7, which will be a $34.99 upgrade just for the Mac version, if previous upgrades are a good indication.

So what do I recommend that people do?

- First: Wait. Your current standalone version still works and does everything you need, and probably keeps working on iOS 11 and macOS High Sierra. You can keep using it until it breaks!
- Then: Switch to subscription, shared with friends and family. If you do that, it will cost you $1 per month which is less than the cost of buying and upgrading all standalone versions.

Although there's good news for standalone users: They are working on 1Password 7 for Windows (and Mac), buyable as standalone or subscription, and supporting non-subscription local/Dropbox vaults. So that's cool. Perhaps the standalone path can still be a viable option. Especially if you share the license file with friends. We'll all have to consider that when we know final pricing.

Good luck!
 
Last edited:
They recently announced it as "their next project" without any release dates. So based on their past performance, I guess 1Password 7 will be done 6-12 months from now.

People can read their AgileBits blog posts and forums for more indications and updates.
 
In light of the Equifax breach, we should take a moment and think about how secure any web connected system is.

At this time, having our data on our local systems, aka stand alone, prevents most people from being compromised. But a single server with everyone's data accumulated together is a very tempting target for criminals.

For people impacted by Equifax, it is not a single event. We have to live, for the rest of our lives, with the threat and possibility of identify theft. Having to review and fix any and all issues.

Now add 1Passwords subscription service/online systems being compromised. Think about how many places you will have to update, notify or protect. It becomes a major issue. An issue we can avoid by remaining with the stand alone version and local vaults.

That is what drives me to stay with a local vault and to NOT use any cloud based services for password storage.

Link to news article about Equifax: https://www.usatoday.com/story/mone...te-life-long-identity-theft-threat/646765001/
 
  • Like
Reactions: ck2875
@TonyK It may seem comparable, because "they're both third-party servers outside of your control". But they're not comparable at all.

Equifax: Their systems could read all of your data.

1Password.com: Their systems cannot read any of your data.

On 1Password.com, every user has a random "Secret Key", as well as a "Master Password". The master password and secret keys are never transmitted from your local machine to 1Password.com. They do not know your keys, and they cannot recover them (or your data/passwords) if you lose your keys. They cannot access your data at all. Their servers merely provide storage for your fully-locally encrypted database.

https://support.1password.com/emergency-kit/

Example Secret Key:
A3-FSHJNM-7T85AC-KRSBV-VC83W-7NTCN-457SS.

Example master password:
This is my master password, and I love it!

The attacker needs to download your encrypted database from 1Password.com, and then they need to guess both the secret key and the password (since 1Password.com doesn't have your secret key or master password). So your "real" password is actually "A3-FSHJNM-7T85AC-KRSBV-VC83W-7NTCN-457SSThis is my master password, and I love it!".

They added the Secret Key because they needed to also protect "idiots" who would choose master passwords such as "password". In fact, the 1Password.com service is the only one that uses a secret key in addition to a master password, so 1Password.com is much safer than local vaults (and that's one of the reasons I am considering moving to a subscription; although my Master password alone is currently very long and safe).

How long would it take to crack that? Let's find out via this cracking calculator! https://www.grc.com/haystack.htm

The password above is 82 characters long.

There are "
1,
506,369,054,611,815,866,
642,127,428,175,543,440,
377,725,893,118,285,138,
600,105,099,712,489,691,
450,903,417,617,397,029,
222,340,384,187,065,386,
814,343,541,526,587,586,
733,542,513,897,230,085,
778,109,570,767,017,120"
different potential passwords if you try all combinations up to that length.

Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario:
(Assuming one thousand guesses per second) 4.79 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 4.79 billion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 4.79 million trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries

I would happily give all of you my encrypted 1Password database. Good luck cracking it! I would even happily give copies to the NSA, and to every hacker group in the world. The Universe will be dead long before my single 1Password database is ever cracked.
 
Last edited:
  • Like
Reactions: barbu
We have to wait that long for a new version? Wow.
[doublepost=1505140392][/doublepost]
TonyK said:
In light of the Equifax breach, we should take a moment and think about how secure any web connected system is.

At this time, having our data on our local systems, aka stand alone, prevents most people from being compromised. But a single server with everyone's data accumulated together is a very tempting target for criminals.

For people impacted by Equifax, it is not a single event. We have to live, for the rest of our lives, with the threat and possibility of identify theft. Having to review and fix any and all issues.

Now add 1Passwords subscription service/online systems being compromised. Think about how many places you will have to update, notify or protect. It becomes a major issue. An issue we can avoid by remaining with the stand alone version and local vaults.

That is what drives me to stay with a local vault and to NOT use any cloud based services for password storage.

Link to news article about Equifax: https://www.usatoday.com/story/mone...te-life-long-identity-theft-threat/646765001/
Click to expand...

Would like to see you post on the 1password forums. Please post it there.

BTW I found out that you can still create a local vault even if you have the 1Password membership.
 

Attachments

  • Bildschirmfoto 2017-09-11 um 17.27.00.png
    Bildschirmfoto 2017-09-11 um 17.27.00.png
    93.3 KB · Views: 142
Last edited:
Furzul said:
That is why you are better using one strong password that you can remember without writing it down anywere.
A 12/15 character password made up of capital and lowercase letters, numbers and symbols that is relevant to only you is not that hard to remember.
Click to expand...

Incorrect. Do not create a password like that.

Do it like this:

http://gizmodo.com/create-an-ultra-secure-easy-to-remember-passphrase-usi-1694021321

Why? Because this:

https://lifehacker.com/5893510/usin...ord-useless-heres-how-to-pick-a-better-phrase
 
  • Like
Reactions: TonyK
I just purchased the family deal of 1Password. So far I am encouraged but admittedly have not explored it in real depth yet. Having some trouble understanding how to use it on my wife's iPad mini to make it easy for her. Also having an issue figuring out how to use it on my credit unions app. But, I plan on exploring it in more depth.
 
Basilfawltyone said:
Get OneSafe for Mac and iOS.

Pay once, use forever. Safe, fast and excellent support.
Click to expand...

Does OneSafe for macOS and iOS support iCloud sync?

I'm looking to move from mSecure I guess important features are

• iCloud integration
• import into OneSafe
• non subscription - check.
• 256 blowfish or better
• good track record from the software with support going forward
 
deany said:
Does OneSafe for macOS and iOS support iCloud sync?

I'm looking to move from mSecure I guess important features are

• iCloud integration
• import into OneSafe
• non subscription - check.
• 256 blowfish or better
• good track record from the software with support going forward
Click to expand...

I guess you should try Enpass. I'm using 1Password and I love it.
 
  • Like
Reactions: deany
Looked up OneSafe and found it is only for macOS and there does not appear to be an iOS component. That is a deal breaker for me right there. Any solution has to be usable across platforms and devices.

I found this out from their website (did that at home, don't have it at work) which was found with a Google search.
 
TonyK said:
Looked up OneSafe and found it is only for macOS and there does not appear to be an iOS component. That is a deal breaker for me right there. Any solution has to be usable across platforms and devices.

I found this out from their website (did that at home, don't have it at work) which was found with a Google search.
Click to expand...
There is a OneSafe for iPad and iPhone. They all sync via iCloud. Works perfect.
[doublepost=1506367103][/doublepost]
deany said:
Does OneSafe for macOS and iOS support iCloud sync?

I'm looking to move from mSecure I guess important features are

• iCloud integration
• import into OneSafe
• non subscription - check.
• 256 blowfish or better
• good track record from the software with support going forward
Click to expand...

Yup. All iCloud and I think Dropbox but not sure. I prefer to be within Apples ecosystem.
 
  • Like
Reactions: deany
Cloud or Dropbox only syncing is out. If I can't sync via WiFi or USB then I'm not interested.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back