See ya, 1Password

[russell_314]

edit: one other important consideration is vulnerability of iCloud Keychain on iOS. Anyone who gets your iPhone's unlock code (say, if FaceID fails and you type it in manually) now has full access to your passwords if they can steal your phone. Apple has not seen fit to fix this security hole where that unlock PIN gives you access everything in the phone, including iCloud Keychain. 1Password on iOS,

I think for most people the reason to use 1Password or any password manager rather than iCloud keychain is cross platform compatibility. 1Password works with whatever operating system you’re running.

I do appreciate that it’s not vulnerable to this exploit though. I am kind of surprised Apple hasn’t patched it by now. 1Password on iOS is not vulnerable to this exploit either. Your choices are biometric unlock or the 1Password master password. Someone can’t use the phone unlock code to get access to 1Password. I covered the camera so Face ID could not work and it would not prompt me for my phone unlock code. Perhaps there’s a workaround that I’m not seeing

 

[matrix07]

my parents are average users and use one.…
This is one of the reasons why iCloud Keychain isn’t safe, and not a good idea to keep passkeys in. Apple needs to fix this, for the average user.

Then they’re not average users.

Apple has enabled using of physical keys so hopefully they will improve it to prevent iCloud password changes without the keys in the future.

 

[ignatius345]

Someone can’t use the phone unlock code to get access to 1Password. I covered the camera so Face ID could not work and it would not prompt me for my phone unlock code. Perhaps there’s a workaround that I’m not seeing

I tried the same thing, and no, 1Password won't let you in with just the phone's PIN, just that master password.

Fortunately, a lot of other apps (banking, credit card) work the same way. You can authenticate via biometrics, or if that fails you're prompted to use a password. It's kind of nuts that Apple themselves treat the phone unlock PIN as the keys to the kingdom -- even letting you change iCloud settings.

 

[BLtheP]

I hate paying for 1Password, and I sure wish it was integrated into iOS/iPadOS/macOS a bit better…but unfortunately iCloud Keychain simply doesn’t do it for me. I used Keychain for many years, but the 1-URL-per-entry thing is super dumb. That, and the fact that iCloud doesn’t work well with Windows at all, and the items you add to Keychain don’t allow much detail. I’d love for Keychain to be my end-all option but it really just can’t be. Keeper didn’t do it for me either and people swore by that one.

 

[Mr. Heckles]

Then they’re not average users.

So they use 1Password makes them not an average user? Ok 🙄

Apple has enabled using of physical keys so hopefully they will improve it to prevent iCloud password changes without the keys in the future.

The key option came out in iOS 16, we are at iOS 17 and no signs of this. Also, not everyone uses a physical key.

 

[matrix07]

So they use 1Password makes them not an average user? Ok 🙄

Anybody who’s using 6 digit passcode are average users. Anybody who’s using 1Password are not.
I’m using 9 digit passcodes & I have never had a need to use 1Password because I’m all in Apple ecosystem.
Yes, there’s “a” certain risk but it’s exaggerated imo. Just don’t use passcode in public place. I’ve never faced a situation when I “have to” use passcode publicly since FaceID is working great with mask.

 

[slyronit]

I found iClown KeyChain's group sharing implementation quite buggy. Twice, some passwords disappeared completely from a group, not being found in any member's "deleted passwords" list. Also, now there's a mismatch, one item is showing up on some member devices, not others.

 

[papbot]

Anybody who’s using 6 digit passcode are average users. Anybody who’s using 1Password are not.
I’m using 9 digit passcodes & I have never had a need to use 1Password because I’m all in Apple ecosystem.
Yes, there’s “a” certain risk but it’s exaggerated imo. Just don’t use passcode in public place. I’ve never faced a situation when I “have to” use passcode publicly since FaceID is working great with mask.

We use 1Password and 6 digit passcodes. Only use 4 on our watches. Whether we’re ”average” or not we have no way of knowing, haven’t done any surveys. The benefit to 1Password for us is that passwords we’ve individually created for various sites are available to both of us, not restricted to just one Apple iCloud account. We’ve been with Apple since the dot mac days when they migrated to to a new format and dropped keychain support. That’s when we started with 1Password. Had Apple not done that we may never have heard of 1Password.

 

[matrix07]

The benefit to 1Password for us is that passwords we’ve individually created for various sites are available to both of us, not restricted to just one Apple iCloud account.

You can do that now with iCloud Keychain.

 

[papbot]

You can do that now with iCloud Keychain.

I know you can Air Drop an entry, which is not always convenient, or create a shared group but doesn’t include other items such as credit cards or other data that we both need to have access to at certain times. Keychain has evolved to be almost as useful as 1Password but not quite. Maybe one day we’ll feel comfortable dropping our subscription, but Apple changed their minds once on us, so we’re in no hurry.

 

[matrix07]

such as credit cards or other data that we both need to have access to at certain times.

I’m using secured Apple Notes for that and shared it with my wife.

 

[Mr. Heckles]

Anybody who’s using 6 digit passcode are average users. Anybody who’s using 1Password are not.
I’m using 9 digit passcodes & I have never had a need to use 1Password because I’m all in Apple ecosystem.
Yes, there’s “a” certain risk but it’s exaggerated imo. Just don’t use passcode in public place. I’ve never faced a situation when I “have to” use passcode publicly since FaceID is working great with mask.

My parents use a 6 digit PIN code, and I do need to get them to change this. They only use 1Password because I set it up for them, they couldn’t have done this themselves… again average users.

 

[matrix07]

My parents use a 6 digit PIN code, and I do need to get them to change this. They only use 1Password because I set it up for them, they couldn’t have done this themselves… again average users.

Exactly. YOU are the one who’s advanced user. 🙂

 

[papbot]

I’m using secured Apple Notes for that and shared it with my wife.

That’s all workable. But with 1Password there’s only one app to do all that we need. And that’s been the case for years, Apple is just catching up.

 

[Mr. Heckles]

Exactly. YOU are the one who’s advanced user. 🙂

My point, THEY are average users.

 

[Apple_Robert]

I definitely get the animous toward subscription services/models, but am afraid with the 'genie being out of the bottle' as it were, there's no going back.

Count me in though as one who has no problem paying for a service where the devs and others behind the scenes are constantly keeping that service updated and hardened against threats.

(Jumped aboard the 1P subscription train back in 2021 after one of LastPass' security incidents. Did give iCloud Keychain a spin as well, but this was before I made my wholesale shift away from Chrome and to Firefox, which currently doesn't support it).


For those who use Bitwarden too, I found this article the other day on BleepingComputer......

Bitwarden flaw can let hackers steal passwords using iframes

Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker.

www.bleepingcomputer.com

Good heads up. I don't use auto-fill with my password managers because of potential like this.

 

[matrix07]

My point, THEY are average users.

Exactly my point. They ARE. Without you they wouldn’t use 1Password.

 

[Mr. Heckles]

Exactly my point. They ARE. Without you they wouldn’t use 1Password.

No they aren’t. I had a friend help me install a new radio in my car, so now that makes me an advance car radio installer? No. If my parents were advance users, they wouldn’t need my help with setting up 1Password.

 

[matrix07]

If my parents were advance users, they wouldn’t need my help with setting up 1Password.

I think you're confused because it seems we're in agreement that your parents are average users lol.

 

[Shazaam!]

I ported over my 1Password 7 vault to Strongbox and I like what I see.

Using a third-party password manager alongside keychains

Do you want a Password Manager that can use a local, standalone vault, or share one using iCloud, Dropbox, or another cloud service of your choice?

eclecticlight.co

 

[KnownSyntax]

1Password 7 (the local vault that has an option to use their Cloud service but is not required) is still available. App Store (US);

https://apps.apple.com/us/app/1password-password-manager/id568903335

It is still available on Mac OS if needed there as well, although since it's local only they won’t sync between the two.

Now sure, eventually they will drop 1Password 7, but a workaround would be to purchase 1 month of 1Password to sync your details to their cloud, and then export that into a file format to import elsewhere (iCloud Key Chain, or other password manager).

 

[MacCheetah3]

1Password 7 (the local vault that has an option to use their Cloud service but is not required) is still available. App Store (US);

https://apps.apple.com/us/app/1password-password-manager/id568903335

It is still available on Mac OS if needed there as well, although since it's local only they won’t sync between the two.

Now sure, eventually they will drop 1Password 7, but a workaround would be to purchase 1 month of 1Password to sync your details to their cloud, and then export that into a file format to import elsewhere (iCloud Key Chain, or other password manager).

I’m currently using 1Password 6 (v6.8.9) on macOS and 1Password 7 (v7.10.2) on iOS/iPadOS synced via iCloud (Drive) without problems. However, I don’t know how long that will be compatible.