[HN Gopher] 1Password for Linux
___________________________________________________________________
1Password for Linux
Author : grappler
Score : 340 points
Date : 2021-05-18 13:29 UTC (9 hours ago)
(HTM) web link (blog.1password.com)
(TXT) w3m dump (blog.1password.com)
| clircle wrote:
| I've just switched to KeePassXC from bitwarden in the last month,
| and the experience has been pretty bad. My main complaint is that
| KeepassXC-browser can't recognize maybe 30-50% of login fields,
| and the autotype shortcuts seem to be broken in Firefox. Maybe I
| can switch to 1Password.
| philliphaydon wrote:
| Why did you switch from bit warden?
| clircle wrote:
| My wife was spoked that all my passwords were in the cloud
| and asked me to start using a local PW manager.
| PascLeRasc wrote:
| 1Password works so much better for me than KeepassXC,
| especially in Firefox auto fill. But so did Bitwarden. Both are
| great options.
| pjmlp wrote:
| Yes, it is yet another Electron app.
|
| https://github.com/1password/electron-hardener
| rhinoceraptor wrote:
| I'm actually surprised by that, I've been using the beta on my
| Linux machines and never noticed anything that would suggest it
| was electron. No performance issues, weird UI, etc. I actually
| prefer it to the MacOS/Windows native clients.
| bwoodruff wrote:
| Thanks so much for the kind words! We've worked very hard to
| deliver an experience on Linux that exceeds expectations. -
| Ben, 1Password
| yannoninator wrote:
| yes but it uses rust so it's all fine.
| outadoc wrote:
| Hacker News is gonna be torn on this one :)
| chaorace wrote:
| Might be a good litmus test for front-end developers Vs.
| back-end developers
| steveklabnik wrote:
| Plot twist: they use Rust as wasm in the browser
| extension, so it's a front-end thing as well as a backend
| one https://blog.1password.com/1passwordx-
| december-2019-release/
| iudqnolq wrote:
| Yes, but
|
| > We believe that native apps with deep integration create a
| better experience, so 1Password for Linux will feel right at
| home on your desktop, whichever flavor of Linux you choose.
|
| > Out of the box, you'll find:
|
| Automatic Dark Mode selection based on your GTK theme
|
| Open network locations (FTP, SSH, SMB)
|
| Integration with GNOME, KDE, and your favorite window manager
|
| System tray icon support for staying unlocked while closed
|
| Open and fill in your default browser
|
| X11 clipboard integration and clearing
|
| GNOME Keyring and KDE Wallet support
|
| Kernel keyring integration
|
| DBUS API support
|
| Command line API
|
| Integration with system lock and idle services
| throwaway894345 wrote:
| In fairness, Linux GUI toolkits suck a lot. I was a
| professional Qt developer in a past life and while it stands
| head and shoulders above GTK, that's really not saying much.
|
| I've often thought about making my own toolkit, but there's so
| much that we forget about from things like focus to
| accessibility to text layout and rendering (much text has been
| rendered on why text rendering sucks). My hope is that Rust
| breathes new life into native (as opposed to electron) cross-
| platform GUIs, and indeed there are some interesting efforts
| underway.
| whalesalad wrote:
| I really think this is the single most substantial reason as
| to why desktop linux has sucked for so long.
|
| I was following your comment until the end - I don't have any
| probems with Rust but how will that help the situation?
| throwaway894345 wrote:
| I think it's mostly that Rust has a lot of energy behind it
| while and it attracts people who tend to be very capable
| and interested. Notably, [druid][0] and related projects
| are being worked on by [Raph Levien][1] who, well, I'll
| just quote his HN bio:
|
| > I do research on fundamental UI technology and 2D
| graphics, with a focus on Rust and fonts. Currently on the
| Google Fonts team.
|
| Rust also addresses many of my grievances with GTK and C++,
| notably the need to bolt on (although "bolt on" seems to
| imply less fragility than is the case) language features to
| give a higher level facade or otherwise deal with the
| deeply impoverished C and C++ build tools. Related to the
| previous point, Rust makes it much easier to bring in a
| dependency and write tests. Similarly, Rust benefits from a
| long tail of minor tooling improvements including
| documentation generation and hosting to text editor
| integration (Qt ships their own IDE which is of decent
| quality, but you have to go all-in on it; you don't get to
| use the plugins, keybindings, etc that you know and love
| from vscode / vim / emacs /etc and even then IIRC it only
| knows about things in the Qt project but not necessarily
| third party libraries--although with enough blood, sweat,
| and tears you can probably cobble together something based
| on clang metadata).
|
| [0]: https://github.com/linebender/druid [1]:
| https://news.ycombinator.com/user?id=raphlinus
| bwoodruff wrote:
| I'm not entirely sure this answers your question, but one
| of our founders, Dave, wrote a post that may give some
| context: https://dteare.medium.com/behind-the-scenes-
| of-1password-for... If that doesn't address your concerns
| please feel free to reach out to us at
| support+linux@1password.com -- we'd love to chat. - Ben,
| 1Password
| nly wrote:
| GUI toolkits suck on all platforms.
|
| It's just a hard problem and its a boring, loveless space
| to work in.
| pjmlp wrote:
| They are quite alright on Apple and Microsoft platforms.
| throwaway894345 wrote:
| I've heard this as well. I think it can be done, but it's
| probably not an easy effort and it doesn't seem to lend
| itself to teams of volunteers.
| paulcarroty wrote:
| > fairness, Linux GUI toolkits suck a lot
|
| Well, this is GTK password manager
| https://gitlab.gnome.org/World/PasswordSafe - UI works really
| well, use it every day.
|
| Guess GTK will be much more popular 'cause Qt LTS going to be
| proprietary.
| throwaway894345 wrote:
| I meant "they suck for developers", not necessarily for
| users. I'd rather not get into details because the topic
| tends to invite flame from some C and especially C++
| developers and I don't have the energy for that this
| morning.
| tored wrote:
| Personally I prefer building GUIs in a scripting language
| like JavaScript over a compiled language like C and C++,
| GUIs changes a lot and needs to be tweaked in another way
| than system code does, so it is understandable to pick
| Electron, even though I loath the result.
|
| The Qt approach with QML + JavaScript with a C++ backend
| worked in that regard quite well, expose low level system
| calls from C++ and call it from JavaScript, but QML had
| other issues.
|
| And funny thing is that if you do JavaScript you can't
| escape that build step anyway when you use TypeScript,
| but there is hot reload at least.
|
| One problem is that many GUI toolkits are not adopted for
| being consumed from a scripting language, bindings become
| complex and then needs to be constantly maintained.
|
| I'm experimentering with the IUP GUI toolkit, a very well
| written toolkit in C. Designed from the beginning to able
| to be consumed by a scripting language, in this case Lua.
| So it doesn't rely on weird macros or overcomplicated
| structs, you work with opaque handles, this makes it easy
| to be called from any language that has FFI support,
| which makes bindings even easier. Unfortunately no MacOS
| support for IUP.
| nly wrote:
| Trying to create scalable UIs in QML is hell.
| swiley wrote:
| There's always tk if you prefer using a scripting
| language. Most scripting languages have bindings for it
| and at least with python it's the official toolkit for
| the language.
| throwaway894345 wrote:
| Yeah, I think I completely agree with this. Nominally GTK
| (and I think Qt?) is designed with scripting language
| support in mind. They export a bunch of XML that can be
| used to generate bindings in other languages, but said
| XML is miserably documented and in practice it's
| basically impossible to leverage it (I recall various
| attempts at generating Go bindings and all ended in
| failure--it became apparent that it was easier to
| manually maintain bindings rather than generating them
| from said XML).
|
| Perhaps rather than "bindings" you're thinking something
| like GTK and Qt's JavaScript integrations (embedded
| scripting languages vs bindings)? These are bummers in
| that they use some home-grown JS interpreter
| implementations which don't implement any standard
| version of JS (or at least not a very recent standard)
| and it's very confusing what is and isn't supported, and
| IIRC the docs aren't great here either.
| tored wrote:
| I guess there are two different kinds of bindings.
|
| 1) Scripting language is still the driver of the
| application, it uses "bindings" against a GUI library to
| implement the application. This is the one I'm most
| interested in. And if you need low level stuff, you
| implement that as dll/so library and uses that from you
| scripting language.
|
| What usually happens is that you need to read the GUI
| library C or C++ code and examples to understand it,
| because the bindings documentation is not enough, and
| then translate that to your scripting language, can
| become a bit tedious with trial and error if it not
| obvious how to do it.
|
| XML as descriptive source sounds good in theory, that is
| why I'm somewhat intrigued by how Microsoft has done it
| the past with COM and now how they have expanded that
| with WinRT where you can implement language projections
| that can handle cross language types (projected types?)
| so you can get a natural interface in the language you
| are working in. But I'm not a .NET developer.
|
| I think I looked at Go-Qt binding but if I remember
| correctly it was alpha and had problems. Python-Qt exist
| but I don't know much about it. Read somewhere that I was
| just easier to use C++ directly, less hassle, don't know
| if that is true.
|
| Vala looks like a nice solution if you want to go full
| GTK. Problem with GTK is that it is not truly cross
| platform, Gnome team does not prioritize other platforms
| as Qt does. And GTK breaks existing functionality too,
| even between minor versions (still true?).
|
| That is why I started too look at IUP, IUP uses GTK on
| Linux, but win32 on Windows. Tried to do a C++20 project
| with IUP, but gave up, even with all the new fancy stuff
| for C++ it is still awful, better yes, but same old
| problems are mostly there. When you are writing a GUI
| code you don't really care if your string is a const ref
| or pointer or what not, you spend the time on all the
| wrong things and C++ invites to think and micro optimize
| all those decisions(use or not use auto in for loop? how
| to write to best constructor? Optimal initializer?). Then
| before you know it you binge watch C++ talks with Nicolai
| Josuttis and have difficult sleeping at night. And if you
| go heavy into smart pointers, why not just use a GC:ed
| language to begin with? Qt solves that well with QString,
| QList etct, doesn't matter if pass by value or not, but
| then you need to handle qmake. I'm tired of awful build
| systems, they are everywhere, still scarred for life by
| cmake and when I tried CLion. Now I do things over FFI
| instead, sleeps much better.
|
| 2) Scripting language has "bindings" to a GUI
| application/framework, more of a plugin system. Gnome is
| a good example there, but as you say, different
| JavaScript engines between these "bindings", and for
| Gnome, poorly documented.
|
| I think for Gnome and other desktops that uses this
| technique, it is in the right direction, but the quality
| of the plugins I have used is most of the time poor,
| memory leaks etc, you end up using just use the approved
| ones if you don't like to restart your desktop once a
| day. If that is because of poor bindings or poor plugin
| implementations I don't know.
| throwaway894345 wrote:
| > What usually happens is that you need to read the GUI
| library C or C++ code and examples to understand it,
| because the bindings documentation is not enough, and
| then translate that to your scripting language, can
| become a bit tedious with trial and error if it not
| obvious how to do it.
|
| Yes, this is very true.
|
| > XML as descriptive source sounds good in theory,
|
| Agreed, and it could probably work in practice with
| enough investment (ideally forego XML altogether in favor
| of a markup language that isn't hostile to humans and
| machines, document the schema thoroughly, provide
| reference implementations, etc).
|
| > I think I looked at Go-Qt binding but if I remember
| correctly it was alpha and had problems. Python-Qt exist
| but I don't know much about it. Read somewhere that I was
| just easier to use C++ directly, less hassle, don't know
| if that is true.
|
| Yeah, the Go-Qt binding was just incomplete. There was a
| Go/QML project early on, but I don't think it allowed for
| data to flow both directions, which seriously limited its
| utility and then it just kind of faded into obscurity.
| Pyqt (there was a competing Python/Qt binding as well,
| but I forget what it was) was okay, but again it didn't
| have very good documentation and it would still segfault
| all the time. One or both of the Python/Qt bindings were
| also poorly supported.
|
| > Vala looks like a nice solution if you want to go full
| GTK.
|
| I tried this as well, but it's a thin veneer over GObject
| and still has many of the same problems. It also lacks
| any kind of build tooling or package management, and
| again, it's not adequately invested in and the
| documentation is poor (or this was the case when I last
| tried it).
|
| > I think for Gnome and other desktops that uses this
| technique, it is in the right direction, but the quality
| of the plugins I have used is most of the time poor,
| memory leaks etc, you end up using just use the approved
| ones if you don't like to restart your desktop once a
| day. If that is because of poor bindings or poor plugin
| implementations I don't know.
|
| Agreed.
| 29083011397778 wrote:
| Isn't Libhandy (the library used for making mobile linux
| applications for the Pinephone & Librem 5) GTK based? I
| assume that would help tremendously with popularity as well
| octorian wrote:
| Gtk's popularity comes from a couple of things that
| happened about 20 years ago...
|
| - C++ dynamic linking used to be slower on Linux than C
| dynamic linking
|
| - A lot of Linux die-hards are simply C++ haters
|
| - Qt's licensing used to be unfavorable to purists, which
| lead directly to the Gnome-vs-KDE schism.
|
| (Though I've always had the feeling that the license fight
| may have just been a palatable cover for a C-vs-C++ fight.)
| e3bc54b2 wrote:
| Apologies if this comes off rude, but GTK has increasingly
| becoming Gnome Toolkit, and notion of it on other
| platforms/DEs gets hand waived away.
|
| It may suit some people's taste, it is more open than Qt in
| some aspects and it has better language integration by
| virtue of being written in C.
|
| But, as a Plasma/i3 user, I avoid GTK apps as much as
| possible. Thankfully At/KDE apps are plenty and fully
| functional.
| benrbray wrote:
| Yup. Many people including myself are waiting for a viable
| Electron alternative to emerge, but until then Electron is
| leagues ahead of the rest. React Native is a missed
| opportunity for true cross-platform UI, but they chose not to
| support Linux. I'm keeping an eye on Tauri [1].
|
| [1] https://tauri.studio/en/
| emptysongglass wrote:
| What about Flutter, which Canonical has put its full weight
| behind?
| benrbray wrote:
| Oh, I hadn't heard the news about Canonical, that's neat!
| Last I checked desktop support for Flutter was unstable
| and I got the impression from the docs that mobile is the
| main priority. Maybe it's worth another look.
| nly wrote:
| I don't think it's anything to do with toolkits, and
| everything to do with packaging and ABI issues.
|
| You can't distribute a commercial, binary app for 'Linux'
| easily unless you statically link everything (which you
| cannot do with Qt without breaking the license) and compile
| on something ancient.
|
| Even using something like Qt, writing a C++ GUI app for the 3
| major platforms (macOS, Windows and Linux) is about 10x more
| work than getting something like Electron working and
| distributed.
| throwaway894345 wrote:
| > Even using something like Qt, writing a C++ GUI app for
| the 3 major platforms (macOS, Windows and Linux) is about
| 10x more work than getting something like Electron working
| and distributed.
|
| In my case, I did most of my development for an embedded
| target, which meant my org shipped the entire OS and
| therefore we only had to worry about the packages we were
| shipping. Packaging wasn't much of a problem in that
| context, but it was _still_ many times more effort than an
| Electron app--my issues tended to be related to tooling and
| language.
| wyuenho wrote:
| I'm just surprised people call Electron apps "native" now.
| 015a wrote:
| "Native" doesn't mean anything. Everything is native; I mean,
| at some point, its making syscalls and running bytecode on
| the processor, its not running in a Virtual Machine, that
| seems pretty "native". Or, nothing is native; it runs through
| an interpreter, or fifty thousand layers of UI library
| abstraction, or whatever. Websites definitely aren't native,
| right, electron... isn't... Windows WPF apps, classic native,
| jeeze they're horrible to use though, but UWP, also native,
| but, I can write them in HTML and JS? Weird.
|
| There's no logically correct definition of "native" which is
| also useful. Its just a buzzword that a few otherwise smart
| people use to mean "its fast". Every single stack out there
| can be engineered to be slow; some stacks cannot ever be
| engineered to be fast; Electron is not one of them.
| pseudalopex wrote:
| What is a fast Electron app? Visual Studio Code is praised
| the most by far. And even it's slow compared to
| alternatives like Sublime Text.
|
| Native is short for native code or native UI depending on
| context. Native code means AOT compiled. Native UI means it
| uses one of the platform's conventional UI frameworks. You
| can have native UI without native code.
|
| Classic Windows apps are great compared to most
| alternatives.
| fastball wrote:
| The issue is that we call pure web apps "apps" too now, so it
| can be hard to differentiate. We just released desktop
| clients (electron) for our platform, and native was a term I
| didn't want to use but it is quite helpful to distinguish the
| two.
| pseudalopex wrote:
| You just called them desktop apps. Or you can call them
| Windows, macOS, and Linux apps.
| fastball wrote:
| Yep, that's what we did.
|
| But then let's say you have mobile apps as well, built
| with Cordova. What collective term would you use for your
| Desktop and Mobile apps?
|
| It is certainly a bit verbose to specify every platform
| so I don't think that is a viable option.
| hn8788 wrote:
| I think it's just marketing. The devs where I work started
| promoting everything that isn't a web page as "native", and
| web pages that don't have external dependencies as "static",
| even though they are still dynamic apps loaded with
| javascript.
| geodel wrote:
| Kinda expected. Could be useful experiment in flutter-desktop.
| But it is far fetched for paid product.
| gitowiec wrote:
| It is sad, running Firefox as a browser, Slack, Teams and
| 1password as 3 more browsers... Oh I forgot Postman! What are
| other "apps" common among developers built on the Electron?
| greenshackle2 wrote:
| VS Code, Atom, GitHub Desktop.
| konart wrote:
| vscode, arduino ide 2 (not entirely sure)
|
| Honestly you can build quite a list if we are not constrained
| with dev tools only.
| yxhuvud wrote:
| I've had the beta installed a long time but it stopped working a
| week or two ago. Perhaps I need to reinstall or something now
| that the main version is live?
|
| EDIT: Nope, still can't login. Bleh.
| jdoss wrote:
| Do you have any 2FA setup? My work uses Duo 2FA with 1Password
| and I had to kick my Duo account into bypass mode to log in. I
| opened a support ticket with 1Password and they said it is a
| known issue with Duo + 1Password.
| roustem wrote:
| Yes, Duo 2FA is now supported!
| yabones wrote:
| I think something was borked in the config/sqlite db a few
| updates ago when the 'native' auth parts were added. I was
| bitten with the same bug. Nuking the `.config/1Password`
| directory and re-adding my account seemed to work. Not a great
| solution, but it's worked fine since.
| yxhuvud wrote:
| Many thanks, it worked.
| hartjer wrote:
| Thanks for the guidance
| hartjer wrote:
| I have the same problem. It's quite frustrating.
| yxhuvud wrote:
| The suggestion in
| https://news.ycombinator.com/item?id=27195167 worked for me.
| bwoodruff wrote:
| Really sorry to hear about that. You may've missed a database
| migration during the beta period. Please reach out to us and
| we'll be happy to help. support+linux@1password.com - Ben,
| 1Password
| jtdressel wrote:
| Were you able to update to 8.0.34? We recently moved the deb
| and rpm repositories to prepare for this release. Installing
| the deb or rpm from https://1password.com/downloads/linux/
| should setup the correct repo for future updates.
|
| If you have 8.0.34, and still can't log-in you may be
| experiencing the issue yabones described. support@1password.com
| can provide you with more hands-on help.
|
| (Disclosure: I work at 1Password)
| yxhuvud wrote:
| Yes, after applying the solution provided by yabones
| everything seems to work. Thanks anyhow :)
| connorlay wrote:
| Congrats to the 1Password team! I've been using the beta for a
| while now on Pop_OS! and it has been getting better with each
| update.
|
| I personally don't mind that it uses Electron. The app feels
| snappy to me and it looks like their engineers are making efforts
| to optimize the experience.
| tzs wrote:
| Interesting:
|
| > 1Password for Linux also debuts with several features that are
| coming soon to 1Password for Mac, Windows, iOS, and Android
|
| That should be encouraging for Linux users. It suggests that the
| Linux version is not just a port that will forever at best follow
| the other platforms. It can get pretty annoying when you have
| something that is available on multiple platforms, and your
| platform tends to always lag the others.
| leejoramo wrote:
| This does look amazing. Reading the announcement show a level
| of deep integration not just for Linux, but for individual
| distributions and UI's.
| boomer918 wrote:
| Reads like a love letter to Linux, it's great.
| dteare wrote:
| Thanks! That's what I was going for.
|
| ++dave; 1Password Founder
| amarshall wrote:
| Since 1Password for Linux appears to be backed by Electron,
| perhaps it's a sign that other platforms' native clients will
| be replaced by an Electron-based client to get these new
| features.
| jamesgeck0 wrote:
| The "behind the scenes" blog post linked in a sibling notes
| that they've architected the Linux release with a headless
| backend component that they'll be moving every client to use.
| So while there will be HTML-based clients with Linux and
| browser extensions, I think there's a decent chance of
| greater feature parity across platforms with native clients
| in the future too.
| dteare wrote:
| Yup! In many ways Linux is leading the charge. Not just with
| these features but also for development as a whole. Here's the
| background story on how 1Password for Linux started and how it
| was built:
|
| https://dteare.medium.com/behind-the-scenes-of-1password-for...
|
| ++dave; 1Password Founder
| disgrunt wrote:
| What happened to accessibility on 1P for Mac? It's completely
| invisible to VoiceOver now.
| bwoodruff wrote:
| Hey disgrunt. We have a number of VoiceOver users on Mac,
| so something doesn't sound quite right (no pun intended).
| Please reach out to our support team at
| support+mac@1password.com and we'll be happy to help.
|
| - Ben, 1Password
| aeontech wrote:
| Thanks for the product, have been using it for years. This is
| a very cool development!
|
| Have you looked into using Sciter instead of Electron? It
| seems to be considerably more lightweight.
| apozem wrote:
| 1Password in Firefox unlocking the desktop app caught my eye.
| I'm on Mac and have to unlock 1Password in Firefox completely
| separately from the desktop Mac app.
| dteare wrote:
| We're bringing this feature to Mac and Windows as well. It's
| currently in beta and will be coming to the official release
| soon.
|
| If you'd like to play with this now be sure to install the
| beta of the Desktop app as well as the beta of the browser
| extension.
|
| ++dave; 1Password Founder
| Milner08 wrote:
| Ohh exciting! I will be installing the beta right away!
| CamJN wrote:
| Just a warning for people who don't know the grandparent
| is referring to the extension formerly called 1Password X
| (now just 1Password in the browser because AgileBits
| wants you to use that one) which puts ALL OF YOUR
| PASSWORDS into your browser's memory.
|
| The "classic" 1Password browser extension already
| unlocked with the desktop app and does not dump your
| entire vault into browser memory just to fill one
| password.
| jl_agilebits wrote:
| I think you might have a misunderstanding of how our
| browser extension works. Just like our desktop app, your
| password is only in memory if you copy it to the
| clipboard, fill it in the browser, or reveal it within
| the app. Your passwords are always stored encrypted on
| both the desktop app and browser extension, and we make
| an active effort to keep secrets out of memory. I hope
| this clarifies things.
|
| - Jackson Lewis, 1Password Developer
| CamJN wrote:
| Turns out that yes, I thought that the vaults were
| encrypted as a whole, but according to the security white
| paper that changed at some point. So you can decrypt
| individual passwords.
| bwoodruff wrote:
| Thanks for taking the time to check out the white paper!
|
| - Ben, 1Password
| CamJN wrote:
| Use the "classic" extension, it already does this. And has
| the added bonus of not putting ALL of your passwords into
| your browser memory.
| gtf21 wrote:
| Did the classic extension work on Linux? When I switched
| from MacOS having to use the (terrible) 1PasswordX was one
| of the things that really annoyed me.
| CamJN wrote:
| Sorry, ignore me I was wrong
| tempest_ wrote:
| I noticed this as well and if I am honest it is a tiny bit
| annoying when the app is open in another workspace it pulls
| me to it instead of pulling the app to the current firefox
| instance. This forces me to bounce back to whichever
| workspace the firefox was on. Not a huge issue though.
| benhurmarcel wrote:
| This is great. Is there any hope of having the possibility to
| export entries? Looks like it's missing compared to Windows and
| Mac.
| dteare wrote:
| Yup! Since the very beginning in 2006 Roustem and I wanted to
| make sure everyone used 1Password because they enjoyed doing so
| and not because of being locked in.
|
| File > Export is your friend.
|
| ++dave; 1Password Founder
| benhurmarcel wrote:
| Thanks, I use Ubuntu so I missed that there was a menu bar.
| It's hidden unless I hit "Alt".
| hartjer wrote:
| As a user of their linux client, the experience so far has been
| pretty miserable. Is this a new client?
| dieortin wrote:
| Yes, it was beta until now. What was it that didn't work for
| you? I've had a perfect experience myself.
| ed25519FUUU wrote:
| Is this a subscription only feature?
| heleninboodler wrote:
| According to this forum post I just found[1], they are "no
| longer advertising" the non-subscription mode, and they
| apparently will not directly answer questions about whether
| it's still sold:
|
| >> "We're no longer advertising standalone licenses" Does that
| mean "We're no longer offering standalone licenses"?
|
| > Membership [aka subscription-based] is the way forward with
| 1Password.
|
| It's really disappointing that their communication is so
| transparently evasive on this point.
|
| [1] https://1password.community/discussion/116659/how-to-
| switch-...
| bwoodruff wrote:
| We continue to sell licenses for each 1Password 7 for Mac and
| 1Password 7 for Windows. These licenses are available within
| the app when downloaded from our website. We would strongly
| recommend 1Password membership as that is going to provide
| the best experience, but if you'd prefer a license for one or
| both of those products they are for sale. We recommend
| memberships as they address a number of requests our
| customers had that we were unable to accommodate without
| connecting to a server to perform the heavy lifting, such as
| 2FA, sharing, etc. It also significantly simplifies the
| purchasing experience: a subscription includes access to the
| latest versions of all the 1Password apps. You can read more
| here: https://support.1password.com/explore/membership/ -
| Ben, 1Password
| 0x5f3759df-i wrote:
| As a standalone license customer for almost 10 years now,
| the constant responses like this and the deliberate non-
| answers on the forums really make me wonder how long I will
| continue to use 1password. I love 1password but I will not
| put my passwords in someone else's cloud.
|
| It's honestly pretty insulting that every time this comes
| up, someone from 1password pops in to talk down to your
| customers and push subscriptions.
|
| I understand the business reasons of why you want
| subscription revenue, but pretending that you're pushing
| subscriptions for the good of your customer is just so
| transparently false. It's good for your bottom line, just
| own it.
| heleninboodler wrote:
| Indeed. Stuff like this:
|
| > We would strongly recommend 1Password membership as
| that is going to provide the best experience
|
| is maddening. Do you guys really think we all just don't
| know what is going to provide the best experience?
| Because what will provide me the best experience is
| keeping it simple, not taking on an online dependency,
| and keep putting out standalone updates and platform
| ports, which I'd gladly pay for.
|
| The condescension, evasiveness and dishonesty is just
| sad.
| soshiito wrote:
| The writing is on the wall. Licenses are out and
| subscriptions are in. Make of it what you will. Don't get
| upset with the person doing their job and towing the
| company line.
| dteare wrote:
| I'm sorry it comes off that way. We don't mean any
| disrespect in the slightest. Your support over all these
| years means the world to us and we know darn well we
| wouldn't be here today without awesome customers like
| you. <3
|
| I left a comment just above yours that I invite you to
| read. I don't want to repeat it in its entirety here but
| suffice it to say we're excited about our hosted solution
| and yes we can find ourselves shouting from the rooftops
| about it. Kinda like newlyweds I suppose. :)
|
| ++dave; 1Password Founder
| heleninboodler wrote:
| Ok, so go back through your forums and threads like these
| and read all the "how do I get standalone" questions
| throughout the last 5-6 years and tell me honestly that
| the awkward non-answers are just you guys being excited
| about your hosted solution. It's evasive. I'd feel a lot
| more mutual respect if you'd drop the charade and just
| say "yeah, you guys aren't really our primary use case
| anymore and we're not really planning to support you.
| Sorry." Making us read between the lines while you play
| coy games like saying "well, it's not _advertised_ , but
| it kinda works on some platforms" is insulting.
| roustem wrote:
| I can certainly understand and appreciate your point of
| view. You are free to disagree with mine and I am sorry
| that it might come off the condescending, it is certainly
| not what any of us want to convey.
|
| However, we are also 1Password users and we build the
| product for ourselves. We are supporting millions of
| customers, several thousand support emails and tickets
| every day. And I am honest, the membership provides much
| better experience compared to standalone disjoined apps,
| manual syncing and lack of account recovery. The list of
| differences and improvements is huge. It certainly makes
| me sad when people think that it is only about sync.
|
| Roustem, Founder of 1Password
| heleninboodler wrote:
| My honest advice is to just make a clear statement that
| you're dropping standalone mode and do it. People with
| licenses can continue using their non-upgradeable
| versions as long as they want but they're not getting any
| more updates. That would be a lot less dishonest than
| pretending it's supported-ish and just hiding it deeper
| and deeper on every release.
| dteare wrote:
| Thank you for supporting us all these years! We wouldn't
| be here without awesome customers like you. <3
|
| As a long time user I bet you remember when we needed to
| write posts like Two Factor or not Two Factor[1].
|
| > One and a Half Factors?
|
| Good times. :) Thankfully with our own service we are now
| able to provide real 2FA as our server is able to enforce
| it. Same with family sharing, team environments,
| automated backups, item history, account recovery that
| only your family organizers/team admins can perform,
| along with simple invites and easier device setup.
|
| And it's not just new features but we can make existing
| ones better. You probably have seen your fair share of
| Conflict Resolution windows and weird sync issues over
| the last 10 years. Sync is a hard thing to get right and
| being able to rely on a server to give specific responses
| in specific situations has enabled us to provide a much
| better experience than we ever could with a generic file
| service.
|
| The reality is 1Password is better than it ever has been
| as a direct result of allowing our developers to work
| their magic on both sides of the network connections.
| Server and client.
|
| It's a bit dated now but I wrote From a Happy 1Password
| Maker[2] back in 2017 that highlights a lot of things we
| love about memberships. In it I explain why I'll continue
| to non-apologetically nudge everyone towards 1Password
| Memberships.
|
| [1]: https://blog.1password.com/two-factor-or-not-two-
| factor/ [2]: https://blog.1password.com/why-we-
| love-1password-memberships...
|
| ++dave; 1Password Founder
| bwoodruff wrote:
| Yes, 1Password for Linux requires a 1Password membership. You
| can subscribe to any of our individual, family, or team
| accounts yourself, or if your company subscribes to 1Password
| Business you'll get your own family account for free.
| Regardless of how you subscribe you'll always have access to
| your data as each client has a local cache for offline use and
| your account remains active even in the event your subscription
| lapses. If you have any questions or feedback please feel free
| to reach out to us directly at support+linux@1password.com -
| Ben, 1Password
| c0wb0yc0d3r wrote:
| As far as I know, 1Password does not have a free tier.
| bwoodruff wrote:
| Mostly true, though this may be of interest:
| https://github.com/1Password/1password-teams-open-source :) -
| Ben, 1Password
| hamburglar wrote:
| They used to have a paid tier where you just pay for the
| software outright and use it offline. They have been making
| it harder and harder to find every release, so it may not
| exist anymore.
| hamburglar wrote:
| If history is any indicator, they will say it's not
| subscription only while simultaneously leaving all the docs and
| kb articles on their website in a state that makes it sound
| like it's subscription only. They don't really want non-
| subscription customers, but they don't want to say that
| outright. This has been clear for years and is the reason I've
| given up despite thinking their (non-subscription) product is
| worth the money. It just feels like they are always on the
| verge of dropping support for it.
| waheoo wrote:
| Just use bitwarden. Open source and the only thing that you'd
| really want to pay the 10/year for is 2fa integration.
| bognition wrote:
| I'm a big fan of 1Password. I've been paying for it for years. A
| few years ago I got my partner setup in a few minutes and now
| they have strong passwords everywhere. Its got great features for
| sharing vaults with other people so I've got password managers
| setup for the kids too. My partner and I both have personal
| vaults, we have a shared vault for financial stuff, and a shared
| vault for our media accounts (that we share with the kids too)
|
| I get that people bristle about SaaS subscriptions in their
| personal life but the $60/year it costs is well worth it. The
| research shows that strong passwords and limiting re-use is
| extremely effective at preventing account compromises and
| 1Password makes this dead simple.
|
| The thing that finally made it an incredible app was when Apple
| finally allowed 3rd party password management in iOS.
|
| Yes there might be better password managers out there and they
| might have better security. However show me an alternative with a
| UX that is simple enough for my 6 year old to use, that works on
| iOS, Android, MacOS, and now Linux.
| rkeene2 wrote:
| I think we should move away from passwords entirely, the UX for
| that is often much better for users (and as a bonus, you don't
| need to worry about your password being compromised, or
| password managers).
| itisit wrote:
| What is the alternative you propose?
| rkeene2 wrote:
| I think the universe is slowly standardizing on
| WebAuthn/U2F for this.
|
| The US Government got rid of passwords in 2004 by switching
| to smartcards, and Google also did so in 2017 by switching
| to hardware security tokens.
| itisit wrote:
| That's fine for tech businesses with dedicated IT
| support, but what about consumers?
| harveywi wrote:
| Hard drives are large enough nowadays to contain a whole
| copy of the internet. Instead of connecting to the internet
| to access the web, computers should serve up local copies
| of the sites instead. Then it is 100% secure and there is
| no more need for passwords or insecure WiFi connections.
| paxys wrote:
| 1. No they are not
|
| 2. The core problem is still that you need to be able to
| communicate with others, for which you need to identify
| yourself. Where a site is served from doesn't change
| that.
| 74B5 wrote:
| > However show me an alternative with a UX that is simple
| enough for my 6 year old to use, that works on iOS, Android,
| MacOS, and now Linux.
|
| I have my keepass vault in my dotfiles repository. All i need
| on any device is keepass and if i want to write to that vault,
| git. Of course i secured my publically accessible vault with a
| strong password and an additional token. Works fine for me but
| i have to admit, using a lot of devices with write access to
| that vault would get cumbersome.
| theon144 wrote:
| Good luck explaining the concept of a "dotfile" and "git" to
| a 6 year old, I guess...
| rvz wrote:
| > However show me an alternative with a UX that is simple
| enough for my 6 year old to use, that works on iOS, Android,
| MacOS, and now Linux.
|
| I'm afraid Dashlane fits all of those requirements. Hands down.
| Then Bitwarden comes second.
| satysin wrote:
| I setup Bitwarden for my mother and step-father last year as it
| is free for basic use and they don't care for any of the
| advanced features.
|
| While the UX of Bitwarden isn't quite as polished neither have
| had any issues. They use it on their Windows laptops and
| Android phones just fine.
|
| I think the fact my mother hasn't asked me to help her with her
| Facebook password for over a year now speaks volumes over how
| well it works for her :)
|
| 1Password is indeed a superb product though. I do like to chime
| in when password managers are mentioned to help spread
| awareness of Bitwarden as they don't have the same level of
| marketing as 1Password and I appreciate that Bitwarden is open
| source and all that jazz :)
| yohannparis wrote:
| And, for people who cares like me, they are based in Toronto,
| Ontario, Canada. I like to support an excellent Canadian
| product!
| x3n0ph3n3 wrote:
| I used to be a strong advocate of 1Password, but I was also
| using Syncthing to synchronize my password database to multiple
| devices. 1Password basically killed support for that because
| they want people to pay for their SaaS offering. I ultimately
| switched to self-hosted Bitwarden and have been much happier
| with it.
| vmception wrote:
| Sidenote: 1password has no way of knowing if I am materially
| affected by a site breach, and its notifications about a site
| being breached annoy me
| octorian wrote:
| The functional uselessness of ALL site breach notifications
| from EVERYONE who will send them to you is something that
| pisses me off to no end.
|
| "Your Email was found in the data dump from the FooBarBaz.NET
| hack!"
|
| Okay, which site was this? Is there a password I'm supposed
| to change? Was it actually a password I stopped using 5 years
| ago, but is still floating out there somewhere?
|
| None of these questions are ever answered in a way that's
| actionable, so these notices get effectively ignored.
|
| (FWIW, back when I worked at a certain big company and they
| provided this service to employees, the data dumps actually
| did contain enough useful info to answer the questions some
| of the time. But the services available to the general
| public, even if you pay for them, are damn near useless.)
| pseudalopex wrote:
| > Okay, which site was this?
|
| The site it said it was?
|
| > Is there a password I'm supposed to change?
|
| Do you have a password saved or memorized? Does the site
| have a link or form to log in?
|
| > Was it actually a password I stopped using 5 years ago,
| but is still floating out there somewhere?
|
| They can't be sure. Why not change it to be safe?
| octorian wrote:
| >> Okay, which site was this? >The site it said it was?
|
| I'm sorry, but I have absolutely no idea what sites fall
| under the banner of the "FooBarBaz.NET" dark web data
| dump.
| pseudalopex wrote:
| What is FooBarBaz.NET supposed to represent? The LinkedIn
| breach affected LinkedIn for example.
| theon144 wrote:
| There's a bunch of high-impact leaks that had a rather
| inscrutable nickname - from the front page of
| https://haveibeenpwned.com/, I certainly wouldn't be able
| to tell what does being affected by a "Collection #1"
| breach mean, or "Exploit.In" or "Anti Public Combo List".
|
| That said, HIBP specifically _does_ provide that
| information which is more than actionable, and that being
| the most prominent of these services, I 'm not so sure
| what the complaint is about really either...
| vmception wrote:
| Exactly, also, many times I aliased the sign up email or
| otherwise made the username unique. And I already have
| unique password, so there just isn't anything to care about
| for 99% of services.
| progx wrote:
| Bitwarden https://bitwarden.com/
|
| Has clients for all platforms, open source, self hosting or
| free plans and saas.
|
| Waited long time for 1password for linux and switched last year
| to bitwarden. Family Account for 6 Users ($40 per year)
| bognition wrote:
| Its really great to hear how far Bitwarden has come. I love
| that there are multiple viable competitors in this space.
| bitlevel wrote:
| Moving from 1Password to Bitwarden was the best thing I did.
|
| Bitwarden enabled me to use it with Linux, Mac, Windows, Web,
| etc. _years_ before 1Password decided to join the party.
|
| And there's no subscription to speak of - just a premium
| "extra features you may or may not want" yearly payment,
| which works out _much_ cheaper.
|
| Finally - all my passwords belong to me. Self hosted server
| means that I keep control, not some random cloud.
| throwaway8581 wrote:
| Since Bitwarden is end-to-end encrypted, the risk isn't who
| hosts the data but who controls chrome extension and App
| Store updates. Bitwarden's servers being compromised would
| cause you no harm except data loss, but a malicious client
| update could steal all of your passwords.
| pier25 wrote:
| Bitwarden is awesome. It's my current password manager after
| I left 1P.
|
| I spent hundreds into 1P before the subscription model, as
| their apps were expensive and got them on multiple OS and for
| family members.
|
| Then Dropbox decided (rightfully) that you shouldn't use your
| public folder to host websites, and 1P told their customers
| to either get a subscription or lose the online vault which
| is a critical feature of any password manager. They didn't
| even have the decency to offer a free year of the
| subscription to their current paying customers.
|
| It would have cost 1P pennies to just host the vaults on S3,
| but they decided to force their customers to switch to the
| subscription model if they wanted to have a feature they had
| already paid for and 1P had been advertising for years.
|
| I will never give a single cent to 1P again.
| dasil003 wrote:
| It's slightly shocking how angry people get about companies
| going from one-time purchase to subscription. Like many
| software companies, 1Password made a business decision to
| focus on a subscription product. This strikes me as
| reasonable and naturally aligned with the customer
| expectation that this software be supported in perpetuity
| as OSes and browsers evolve over time. $5/month is not a
| crazy price to pay for a critical piece of software you use
| every day--to the contrary I kind of feel like it's the
| minimum price for a consumer software product to be
| sustainable. I don't want my password manager to be cutting
| corners because they can't afford to invest properly in the
| product.
|
| As far as deprecating the bring-your-own-sync approach, I
| understand this is legit flexibility that some customers
| want, and I'm glad there is a competitor that does a good
| job of it. Personally though, after many years of using
| 1Password + Dropbox, I must say I've had a lot fewer sync
| problems since migrating over to 1Password for Families. If
| I had a broad sync strategy maybe I would feel otherwise,
| but I don't--to the contrary, I'm moving away from Dropbox
| because of the shenanigans they are pulling with my OS
| internals, and maintaining a VPS or even an AWS account
| with S3 is a significant burden that I don't take lightly.
| As a product engineer, a single integrated sync is easier
| to provide guarantees, and prevents a lot of problems
| caused by third parties with no recourse to debug.
| steveklabnik wrote:
| I've been thinking about this a lot about Adobe lately,
| specifically. I've been getting into video editing as a
| hobby, and the fact that I could use Premier for
| $20/month rather than the single time purchase of $800 or
| whatever it used to be is the difference between me being
| able to use it or not. And yeah, maybe in 40 months I
| would be spending more money, but there's no guarantee I
| wouldn't be spending money to upgrade at that point...
| and then once I started wanting to add in After Effects,
| Audition and Photoshop, $60/month for literally every
| Adobe product compared to what, like, $2400 for those
| four? And if I use any more things from the suite, it's
| still the same price. I was talking about this with
| someone the other day, and was like "Imagine telling 12
| year old me that I would own a legal license of Photoshop
| because of how inexpensive it is."
|
| (I am also a happily paying customer of 1password; I
| strongly _prefer_ the cloud offering...)
|
| And that's beyond the fact that, in some sense, this
| aligns the business needs closer to mine. It is easier
| and in some sense, more fair, for me to pay for the
| software while I use it, and not when I don't. On the
| business side, it's nicer too. It pretty much feels like
| a win-win all around, _except_ for certain circumstances.
| But in the happy path, it 's basically almost entirely
| strictly better.
|
| I feel weird being on this side of this argument these
| days, but it is what it is.
| jseliger wrote:
| _the fact that I could use Premier for $20 /month rather
| than the single time purchase of $800 or whatever it used
| to be_
|
| Or you can buy DaVinci Resolve for $295 and get a
| lifetime license. And they make a Linux version.
| def_true_false wrote:
| I thought it was an open secret that people who were just
| trying out the Adobe tools (and other software with
| similar pricing) didn't really pay the sticker price?
| steveklabnik wrote:
| Maybe? I dunno, it's been a very long time since I cared
| about using any of them, and it's cheap enough now (and I
| like, have a real job and stuff, I'm not a kid and/or in
| college) that doing anything else would have taken more
| time than it's worth.
| merb wrote:
| well I am (or rather my company) is a paying customer
| aswell. they offering is really cheap and you get tons of
| family accounts for free.
|
| but I think a subscription model always depends on the
| use case, I mean it's probably impossible to pay for
| everything (considering that every software that we would
| use, will be using a subscription) I'm on a mac and lots
| of small tools are priced like 4-5 EUR which means I only
| need to buy a new version ones apple updates his os.
| [deleted]
| signal11 wrote:
| I started with 1Password 4 (non-subscription) and
| considered upgrading to 1Password 7 -- yes, you could buy a
| non-subscription copy when I checked, although it's
| increasingly well hidden as an option -- and in addition to
| Dropbox it may have supported iCloud, not sure about that.
|
| In the end I went with the subscription because I it's
| bought once for all my devices, and is great for family
| use, with UX that's easy from children to grandparents. As
| a bonus, the Dropbox sync issues just stopped - their own
| sync works much better for me.
|
| I do understand the frustration about subscriptions for
| _everything_ but I 'd like my password manager vendor to
| remain in good financial health, so I'll happily make an
| exception and pay regularly for my password manager.
|
| > just host the vaults on S3
|
| That's a fairly niche audience, and it's very easy to
| misconfigure S3. Product development is about making hard
| choices, and I'm ok with 1Password choosing not to do this,
| just as I'm okay with them not supporting WebDAV -- YMMV.
|
| What I _do wish_ is that 1Password would support a few
| cloud storage options (e.g. Google Drive, OneDrive etc) on
| mobile so that people who 're not inclined to subscribe
| have an alternative, if only to squelch the inevitable
| complaints about subscriptions. When 1Password was a
| smaller company, I can see why one wouldn't want to do that
| as it'd take away precious dev time, but my understanding
| is that they have more funding now.
| kwanbix wrote:
| I agree on supporting your vendor, however, I think
| 1Password is too expensive. That is why I pay for
| Bitwarden. The difference is 33% less expensive (or 50%
| more expensive if you look it from the Bitwarden side). I
| think 3.33 euros per months is about a good valance.
| bwoodruff wrote:
| An individual 1Password membership is EUR2.65+VAT per
| month when invoiced annually. - Ben, 1Password
| kwanbix wrote:
| Bitwarden is EUR10 when invoiced annually (32 vs 10).
| bwoodruff wrote:
| Understood. There will always be something cheaper. Just
| commenting on your point about:
|
| > I think 3.33 euros per months is about a good valance.
|
| :)
| nemosaltat wrote:
| Like OP, I've used 1P since the early 2010s. Its
| approachability (and the fact that I pay for it) finally
| convinced my family (SO/siblings/parents) to use a password
| manager. I love the native experience on iOS, and the full
| desktop version + browser extensions
|
| I remember being frustrated by the Dropbox loss, and I'm
| still frustrated that they seem to push 1PasswordX over the
| native apps. Other than that I've only had 3 major gripes:
|
| 1) Lack of Linux support 2) Lack of good ssh key management
| 3) Lack of ability to self host
|
| I've been eying BitWarden for awhile- How was your
| transition/migration to Bitwarden from 1P? How does the iOS
| integration compare to 1P? Do you self-host?
| rdschouw wrote:
| I self-host using docker. It is very reliable including
| updates.
|
| Transition is as easy as exporting your 1P database and
| importing it into BW.
|
| Integration in IOS is very similar as 1P.
|
| Overall, 1P's apps are more polished than BW. You notice
| it when you migrate over and after a while you forget
| about it.
|
| There's one caveat and that is you've to pay BW $10 per
| year to get TOTP/2F AUTH support and offline support in
| the apps.
| dteare wrote:
| I'm happy to hear our export worked well for you. We
| spent extra effort there to make sure our export format
| contained enough structured information that it could be
| imported properly elsewhere. I hate data lock-in and we
| wanted to make sure you wouldn't be locked into
| 1Password.
|
| I hope we can win you back someday.
|
| ++dave; 1Password Founder.
| philsnow wrote:
| > I'm still frustrated that they seem to push 1PasswordX
| over the native apps
|
| This is one of the things that pushed me to choose
| bitwarden over a 1password families subscription (even
| though I get the latter for free from my work).
|
| I don't like the idea of credentials living in a browser
| extension (or even in a browser). I'm not confident in
| the long-term security of the entire setup, especially
| with the "evergreen" nature of modern browsers. I don't
| like telling my less-technical family that _this_
| extension is okay, but absolutely don 't trust any other
| extensions.
| bwoodruff wrote:
| Interesting! I honestly hadn't seen the perspective that
| we were pushing 1Password in the browser _over_ the apps.
| We may need to look at our messaging on that. Personally
| I think the best experience comes from using both in
| conjunction, especially with the new mutual unlock
| feature.
|
| > I don't like telling my less-technical family that this
| extension is okay, but absolutely don't trust any other
| extensions.
|
| I do understand this dilemma, but I'm curious how you
| reconcile that against things like the benefits of
| filling from the extension avoiding the system clipboard
| & key loggers, the inherent phishing protection that
| comes from 1Password only suggesting credentials on sites
| where the URL matches your items, etc.
|
| Telling folks the 1Password extension is okay and others
| are not is the approach we take internally.
|
| - Ben, 1Password
| philsnow wrote:
| > I'm curious how you reconcile that against things like
| the benefits of filling from the extension avoiding the
| system clipboard & key loggers
|
| I'm mostly punting this to macos. I don't give my kids
| admin rights on the devices I let them use and in general
| I think you need a11y access to log keys on mac, granting
| which requires admin.
|
| AFAIK, modern browsers prevent interaction with the
| clipboard without user interaction, so using the system
| clipboard for passwords is not a huge deal. As a
| mitigation, 1password and other password managers clear
| the clipboard after a timeout.
|
| On my linux machine, I use a bitwarden CLI in a script
| that either uses xclip to put the password into the
| clipboard or xdotool to type it directly. To my
| understanding, the security model in X is quite a bit
| worse than that in mac, but I prefer this over using a
| browser extension.
|
| > the inherent phishing protection that comes from
| 1Password only suggesting credentials on sites where the
| URL matches your items
|
| I can't wait for a passwordless world to come. For now,
| my kids only have credentials on sites that are
| relatively worthless, and I use U2F on all the
| sites/services I possibly can that have any value.
|
| On the sites that have value but don't support U2F, I
| either accept the risk or try to find alternatives. Banks
| and financial services (I live in the US) are a perennial
| disappointment here.
|
| I do use the bitwarden app on my iphone, and when you
| actually go through the password filling feature (instead
| of just switching to the bitwarden app and searching), it
| does suggest only those passwords that match the URI
| you're looking at. I haven't closely examined why I'm
| okay with this integration but not a browser extension on
| other platforms, but I am.
| iamcreasy wrote:
| > Then Dropbox decided (rightfully) that you shouldn't use
| your public folder to host websites
|
| I did not know about it. Can you still do it with other
| provides such as Microsoft(OneDrive) and Google(Drive)?
| extra88 wrote:
| > online vault which is a critical feature of any password
| manager
|
| I guess by "online" you mean access to your passwords using
| nothing but a web browser. I can see how that could be a
| requirement for certain users (e.g. employees permitted to
| make personal use of a work computer but not install any
| software) but disagree that that's a critical feature.
|
| I used Dropbox to sync my 1Password vaults (including a
| shared vault with my spouse) from 2013 but never used the
| "trick" of publishing it through the public folder before
| Dropbox dropped that feature in 2017. I continued using
| Dropbox to sync vaults until last year when I upgraded to
| 1Password 7 and a family subscription.
| JohnWhigham wrote:
| You're getting downvoted, but this is all true and
| shouldn't be discounted. I'm in the process of migrating
| off 1Password after their shitty behavior of all but
| forcing people to migrate to the cloud.
| benhurmarcel wrote:
| Bitwarden is a great option. It has all the features you
| could need, and is cheaper (and critically has a free plan).
| That's basically my default recommendation for most people. I
| know most people won't consider anything other than free.
|
| I still choose to use 1Password personally, because the
| higher polish and experience is worth the slightly higher
| price for me.
|
| Both are good options really.
| lukevp wrote:
| Bitwarden is awesome, and super easy to self host with
| Docker. Heck, you could get a $5/mo DO droplet and host
| bitwarden_rs along with a static site or a bunch of other
| things! I wouldn't suggest this to people who are unfamiliar
| with hosting, Linux, docker, and how to make backups, so the
| self hosting is admittedly limited in appeal, but even their
| SaaS offering seems like a great deal!
| jacurtis wrote:
| Bitwarden is a great alternative. But it must be mentioned
| that you need to be willing to accept the responsibility
| and burden of the operational overhead required to run it.
|
| I realize that most people tout self-hosted as a "benefit",
| and it might be a benefit for the demographic reading HN.
| But for the average person, self-hosting is far from
| practical. Most people can't realistically boot up a DO
| droplet and install Docker and Bitwarden.
|
| Heck, I am a SysAdmin as a career. I build highly available
| architecture all day long, but for my personal/family
| passwords it is honestly not something I personally want to
| handle. Maybe it is because I actually work in highly
| available architectures all day long that I am more fearful
| of throwing all my passwords onto a $5/mo DO droplet, that
| by its nature is not HA. Sure I have the expertise to lock
| it down, keep it secure, keep it backed up, keep it
| updated, etc.. But I am paying $60/yr for the VPC ($5/mo x
| 12 mos = $60/yr), which is the same cost as 1Password for a
| Family plan and is more expensive than the $36 they charge
| for a personal plan.
|
| So even though I am qualified to reliably self-host
| everything, why would I want to? Why not just pay the same
| amount of money for someone else to accept that burden?
| Plus that company is scaled up to be running their
| customers on far more reliable architecture systems than I
| would alternatively be using on my single VPC/droplet.
|
| This isn't to shit on Bitwarden. In fact i have a ton of
| experience with both Bitwarden and 1Password. These are
| easily the two best options on the market. Both have close
| to feature parity. You can't go wrong with either. But I
| would just cautiously warn people that want to self-host
| Bitwarden. This is a major responsibility to self-host an
| app that contains such critical information. Before you
| click install I would do a thought experiment of what would
| happen if you lost your Bitwarden installation, and
| therefore ALL of your unique passwords across the entire
| internet. Now ask yourself, how confident are you that you
| can avoid that situation. Then remember that affordable
| alternatives exist that take that responsibility away from
| you.
|
| This isn't saying that you shouldn't do it. Just that it
| isn't practical for most people. And I honestly don't see
| the draw for self-hosting a personal or family account. I
| would self-host a business account. But why bother with
| personal or family? Just get a hosted account so you don't
| have to play "IT Person" at home when your partner gets
| locked out of Netflix and can't access the password.
| bwoodruff wrote:
| This whole comment was a great read, and parallels how I
| personally feel about self-hosting. I have a homelab with
| my own servers where I love to play with this kind of
| stuff. Do I want the responsibility of setting up and
| maintaining the 1Password service all by myself as a
| production environment? Absolutely not.
|
| I have more infrastructure in my basement than some small
| companies have in their entire organization. :D But in
| terms of relying on that infrastructure, run by me alone,
| for something as mission critical as 1Password? I'll
| pass.
|
| - Ben, 1Password
| brewdad wrote:
| You're not required to self-host Bitwarden, it's simply
| touted as an option around here for those too paranoid to
| let a third party host their passwords.
|
| If you are already in the 'let someone else deal with it'
| camp, then Bitwarden is dead simple. It works everywhere
| and does a great job of keeping your vault in sync on any
| device. All for way less than 1Password.
| linsomniac wrote:
| Going to confirm this: BitWarden is dead simple to set up
| without any hosting requirement. There's an option to
| host it, which I haven't tried, because the base setup is
| so dead simple.
| kwanbix wrote:
| I do value the option of hosting Bitwarden myself, but if I
| have to pay 5/mo for a droplet, I rather pay that much to
| Bitwarden and forget about it.
| qq4 wrote:
| What does 1Password do better than LastPass? I pay nothing and
| I don't feel like any features are missing.
| IndySun wrote:
| 6 years old and already having to navigate software, passwords,
| privacy. I am mildly shocked, and saddened. Or am I just behind
| the times?
| jandrese wrote:
| Malware bots on the Internet don't care how old you are. If
| the kids are on there (all of their friends already play
| Roblox and talk about it incessantly) then they need to have
| the same level of password security and care with personal
| data than an adult does.
|
| The last thing a 6 year old needs is some asshole opening a
| dozen credit cards in their name and maxing them out on cash
| advances to buy Bitcoin.
| Milner08 wrote:
| Really? I was using the computer at 6, although basic stuff
| in DOS (I remember being proud I knew how to start games
| etc). At 6 you're in primary school in the UK and using a
| computer and internet safety is definitely a big thing. Not
| sure why you'd be saddened by this? Its not like its a black
| and white you either play outside or you use the computer
| thing. People can do both and learning about technology early
| is a good thing.
| IndySun wrote:
| >Not sure why you'd be saddened by this?
|
| I did all that too. I concur with your overview. I don't
| see the world as black and white either. We know that
| children are more easily exploited, no matter how tech
| savvy, but it's not so much the 6 year old age that hit me
| reading that; it's the fact the having an offline private
| life is being eroded, and I'm not sure about what is
| replacing it.
| f6v wrote:
| > 6 years old and already having to navigate software,
| passwords, privacy.
|
| If he's in the US, he already needs to start saving for
| college.
| WesolyKubeczek wrote:
| Sorry 1Password, it took you so long to make this move that I had
| sold my soul to LastPass in the meantime.
| dteare wrote:
| Sorry it took us so long! We'll do our best to win you back. <3
|
| ++dave; 1Password Founder
| roustem wrote:
| :(
| qntty wrote:
| I just switched to 1Password from LastPass after LastPass
| recently restructured their pricing, and it was very smooth.
| Just imported by passwords and they all worked.
| filereaper wrote:
| What's the password recovery process like with 1Password for
| family accounts?
|
| I'm the administrator for my family's account on LastPass and my
| wife forgot her master password and has now burned the associated
| email.
|
| The account was unused and empty so nothing was lost but it
| highlighted to me that account recovery was not smooth or
| seamless. As an administrator you can't just issue a password
| reset on their behalf.
|
| If you're testing out these password managers, try a recovery
| first with a burner account before fully entrusting them with
| valuable passwords.
| kelnos wrote:
| If it were possible to recover lost passwords as in your wife's
| case, then I absolutely would not trust the service at all. If
| you forget your master password, the passwords contained _must_
| be unrecoverable at that point. If they aren 't, then that
| means the server/service has access to your plaintext
| passwords, and that is (or at least should be) an unacceptable
| security risk.
| Hackbraten wrote:
| The server never gets to see your master password nor the
| vault key. Every client has a public/private key pair. The
| private key grants access to the (symmetric) vault key and
| will never leave your device. At vault creation time, a copy
| of the vault key is encrypted using the public key of the
| recovery group and then stored on the server.
|
| The only secret the server ever sees is the secret (device)
| ID, and that's by design.
| Hackbraten wrote:
| > What's the password recovery process like with 1Password for
| family accounts?
|
| Short answer:
|
| When 1Password creates an encrypted vault, it will make a copy
| of the key, encrypt it with the public key of another family
| member (e.g. you) and hold the encrypted result in escrow on
| 1Password's servers.
|
| If your wife forgets her master password and chooses to request
| recovery, a special procedure starts. First, 1Password asks you
| to confirm that the request is legit. If you confirm, the
| server will delete and re-create your wife's account, then send
| you her new public key and the encrypted escrow key. Your app
| uses your private key to decrypt it. (Now your app has your
| wife's vault key.) Your app re-encrypts it with her new public
| key, uploads the result and forgets the key. Finally, the
| server sends your wife her encrypted vault together with the
| thing your app just did. Now your wife can access her vault
| again.
|
| Long answer: see 1Password's security white paper [1].
|
| [1]: https://1password.com/files/1Password-White-Paper.pdf
| ______- wrote:
| 1Password looks cool and all, but I'm left wondering how it all
| works. Specifically their pricing[0]. So what happens if I just
| refuse to pay them when my subscription is up and I need another
| year/month/whatever? Do all my secrets & passwords become
| inaccessible?
|
| Because if I couldn't access my passes by merely not paying up,
| that's plain extortion. I didn't read their terms, hopefully
| someone here can enlighten me.
|
| [0] https://1password.com/sign-up/
| pseudalopex wrote:
| The apps become read only. I don't know if you can access the
| web version.
| bwoodruff wrote:
| You would also still have read-only access through the web
| app. :)
|
| - Ben, 1Password
| curiousgal wrote:
| You still get read-only access. Where you can no longer add or
| edit your entries.
| beyer wrote:
| Your data is yours. Even if you cancel your subscription and
| your account is frozen[0], you can still sign in to
| 1Password.com or in the apps to view and export your data.
|
| [0] https://support.1password.com/frozen-account/
| ______- wrote:
| Thanks for this ;)
| rubyist5eva wrote:
| FINALLY - I've been making due with 1Password X in the browser,
| but having the app itself will be much more convenient.
| VadimPR wrote:
| This is fantastic and this is just about how you should do your
| Linux product.
| ramboldio wrote:
| Have used 1Password before they had a client on linux and I have
| to say: I'm very relived now that I can now authenticate with my
| system keyring and not by entering my master password into a
| browser extension.
|
| (also much more convenient, can even use my fingerprint reader,
| if I wanted. On Linux!)
|
| (should be a browser feature)
| bwoodruff wrote:
| Thanks for the kind words! Glad to hear it is working out. We
| have beta support for mutual unlock of the Linux app and
| browser extension so you can unlock in the browser using your
| fingerprint. You can check it out here:
| https://1password.community/discussion/120745/a-better-way-t...
| - Ben, 1Password
| CamJN wrote:
| Just a warning for people who don't know the parent is
| referring to the extension formerly called 1Password X (now
| just 1Password in the browser because AgileBits wants you to
| use that one) which puts ALL OF YOUR PASSWORDS into your
| browser's memory.
| roustem wrote:
| Why are you making stuff up, CamJN?
|
| The extension is using IndexedDB to store the passwords and
| other items. A lot of work went into making sure the
| extension uses as little memory as possible.
|
| Roustem Founder of 1Password
| Qub3d wrote:
| This is an interesting concern, and you've pasted this
| identical comment at least three times in this thread.
| Could you elaborate or link to somewhere that explains this
| in detail?
|
| This comment on its own isn't very helpful.
| CamJN wrote:
| This comment by me was wrong, sorry everyone. They're NOT
| doing stupid crazy things.
| roustem wrote:
| > They do not say that they do not decrypt your entire
| vault into browser memory, because they do.
|
| I am sorry but this is just wrong. I have close to 6,000
| items in my 1Password across family and business
| accounts. Loading everything into memory all the time
| would be ridiculous.
| CamJN wrote:
| I agree, but I was under the impression that the vaults
| were encrypted as a whole, but according to the security
| white paper that changed at some point. So you can
| decrypt individual passwords. So I'm happy and am in the
| process of correcting my comments. Sorry.
| roustem wrote:
| Thank you for following up, CamJN!
| CamJN wrote:
| This statement by me was incorrect and based on the belief
| that they still encrypted vaults as a whole, but they've
| moved on to encrypting individual passwords so they can be
| decrypted individually and my whole concern was unfounded.
| I can't edit that comment anymore, probably took too long.
| But it is wrong.
| Jeff_Brown wrote:
| If I ever move to Brazil, I look forward to welcoming all of
| Brazil to my family. I'm not sure how they get by alone.
| dathinab wrote:
| The problem I see is that their Linux Keying integration is as
| far as I can tell done in a way it's not supposed to be used by
| anything and as such they need to ship with a SUID binary helper,
| basically a (hopefully) harmless root backdoor.
|
| (And I'm not speaking about the chrome/electrone sandbox, which
| can be run without SUID on modern systems).
| ag_christian wrote:
| Do you mind expanding on why its problematic? We've built the
| kernel keyring integrations primarily to power the browser
| integration feature. In this case, "anything" ranges from users
| curious how it works to malware looking to steal credentials.
|
| 1Password puts in effort where possible to defend against
| attacks on your local system, so we need the keys currently
| used as part of the kernel keyring integration to be
| inaccessible to anything in userspace or otherwise some malware
| could steal credentials going back/forth to the browser.
|
| The SUID binary helper is unfortunate, but you can blame Linux
| for that. Our integration makes extensive use of the
| KEYCTL_CHOWN and KEYCTL_SETPERM syscalls for the reasons stated
| above, but a process needs the `CAP_SYS_ADMIN` capability to
| call them (ctrl+f on the man page for capabilities). In the
| end, we decided that making it SUID was more transparent to
| users then giving it that capability on install since the
| former is more visible.
| OttPeterR wrote:
| Even though we're a Bitwarden family, I'm happy to see other
| password managers supporting Linux, the world needs more native
| Linux support in their applications!
|
| Edit: not too happy about electron, but it's still a step in the
| right direction for the common folk who use Ubuntu and aren't the
| most tech savvy and just don't care
| ziml77 wrote:
| Bitwarden is also Electron, at least on MacOS. I discovered
| that when I wanted to mass-delete entries and Cmd-A selected a
| bunch of random text on screen (including the hint text in the
| search box...). Was able to confirm by pressing F12 which
| brought up the dev tools.
| f00zz wrote:
| I just use pass: https://www.passwordstore.org/
| sam_lowry_ wrote:
| gopass [1] is a 100% compatible pass implementation that has
| some collaboration features added.
|
| However, I primarily use it for the `gopass search` output.
| This is where `pass` really sucks for those who copy-paste.
|
| [1] https://github.com/gopasspw/gopass
| creese wrote:
| find ~/.password-store -name '*.gpg' -printf '%P\n' | sed -e
| 's:.gpg$::gi' | fzf | xargs pass -c
|
| There is also an extension: https://github.com/ficoos/pass-
| fzf
| sam_lowry_ wrote:
| Good point, but `pacman -S gopass` is wa-a-ay easier ;-)
| drstewart wrote:
| Correct. For a Linux user, you can already build such a system
| yourself quite trivially by getting an FTP account, mounting it
| locally with curlftpfs, and then using pass on the mounted
| filesystem. From Windows or Mac, this FTP account could be
| accessed through built-in software.
| xd1936 wrote:
| This comment has big "why use Dropbox when you can get an FTP
| account, mount it locally with curlftpfs, and then use SVN or
| CVS on the mounted filesystem"[1] energy. I think that's the
| joke you're making?
|
| 1. https://news.ycombinator.com/item?id=9224
| apozem wrote:
| For those who don't get the joke:
|
| https://news.ycombinator.com/item?id=9224
|
| (If this is not a joke, yikes).
| jacurtis wrote:
| This is like saying that you could replicate Instagram in a
| single evening, allowing people to upload pictures and post
| them to a feed.
|
| Sure, you could... but there is a monstrous gap between that
| and the real service that you are comparing it to.
| bspammer wrote:
| They're not suggesting pass to the general population, but
| I'd expect the average HNer to find it useful.
|
| Syncing is also very easy for developers - just use git.
| konart wrote:
| Yeah...
|
| Will it also suggest me my passwords in iOS?
|
| Come on, guys, 1Password is not only about syncing passwords
| between N computers.
| esclerofilo wrote:
| Actually, yes, there's an open source "Pass for iOS" app.
|
| Not that I recommend this setup though.
| [deleted]
| soshiito wrote:
| Congratulations.
| jrm4 wrote:
| No, but in all seriousness, I emphatically DO NOT UNDERSTAND
| the extent to which people place trust in external services to
| manage passwords. While I appreciate that they do have good
| skin in the game by being paid, etc -- your password storage on
| SOMEONE ELSE'S MACHINE fundamentally creates another huge
| attack vector/opportunity to screw it up, when they also must
| be accessed locally somehow.
|
| I appreciate it if you're like "look, the convenience outweighs
| the safety," but it really feels like most of these discussions
| hand-waves away this fundamental flaw.
|
| I say this especially as someone who doesn't do a lot of
| passworded services on my phone, because, you know, that stuff
| is _really_ insecure no matter how good your password is.
| octobus2021 wrote:
| Exactly. I have an open source password manager on my Linux
| laptop and the data files are backed up weekly to 2 different
| locations (along with other valuable information). Granted, I
| have little need for password management on the phone, but
| even if I did, why would I trust someone to keep track of my
| credentials? I just don't get it why so many people seem to
| be ok with this...
| bombcar wrote:
| Since most passwords can be reset via email, you're placing a
| similar level of trust in your email provider (and if you
| host your own, in your domain provider).
|
| At some point the paranoia isn't productive anymore.
| jrm4 wrote:
| My threat model isn't super high profile, so no?
|
| Partly given 2FA, but more importantly the fact that I
| check my email pretty frequently (most of them will be like
| "hey, someone's trying to change your password, is it
| you?), I don't think that's a fair comparison.
| iudqnolq wrote:
| Here's the mistake I made that made me decide to switch to
| 1password
|
| https://news.ycombinator.com/item?id=26801155
|
| Also, depending on your phone, it might be significantly more
| secure against non-superpower actors.
| jrm4 wrote:
| Fair, but I just have them backed up to a non-encrypted USB
| key, offline.
| iudqnolq wrote:
| If it works for you, that's good. It's less the specific
| issue and more it indicated to me I was rolling my own
| crypto and didn't know enough to avoid shooting my feet
| off.
| dieortin wrote:
| What's the harm on storing your passwords on someone else's
| machine, as long as they're encrypted with a good password?
| jrm4 wrote:
| I suppose I mean "service" more than "machine," i.e. any
| system in which the owner of the other machine has a shot
| at getting at your stuff. I know "zero-knowledge" is
| possible, but, again -- why risk it?
| kelnos wrote:
| > * I emphatically DO NOT UNDERSTAND the extent to which
| people place trust in external services to manage passwords.*
|
| I'm generally fine with this if the password vault is end-to-
| end encrypted, the vault's password is never shared with the
| server, and the server doesn't have access to the plaintext
| passwords at all.
|
| At that point you have to trust that the crypto used for the
| vault is done correctly (and that trust is easier to come by
| if the clients are open source). But that's the same trust
| you'd have to extend if you used another solution (e.g.
| Bitwarden) that allowed you to self-host the sync service.
|
| If you only access password-protected resources from one
| system, then you don't need sync at all, and this problem
| goes away. If you do need sync, you're going to have this
| problem no matter what.
| jrm4 wrote:
| Define sync? I still far more trust "my own encrypted
| volume" plus "home-rolled synchronization (Syncthing, in my
| case)" than e.g. a Bitwarden.
|
| (also, I have no idea exactly what "end-to-end encrypted"
| actually means these days, given the loose way many
| apps/services seem to define it.)
| HotHotLava wrote:
| I do as well, but I have to admit that a browser-based solution
| has a real security advantage when it comes to phishing
| protection, since it has access to the URL and can compare it
| to the one stored for the password.
|
| It would be cool if there was some open password management API
| that browsers/password managers could implement to solve this
| without extensions.
| waheoo wrote:
| You mean bitwarden?
| 1cvmask wrote:
| We at saas pass authenticator and password manager solved the
| linux support by building a comprehensive browser extension
| application that does not require a desktop app at all. It is a
| different approach eliminating the need for a local client. All
| the major browsers on Linux are supported including chromium.
|
| (helped with design of the browser extension)
| bassdropvroom wrote:
| Sure, but a browser extension cannot handle anything outside
| the browser. Which for many is fine, but there are still plenty
| of individuals who need that outside the of the browser.
| 1cvmask wrote:
| Absolutely correct. For those edge cases there is a
| copy/paste available from the web portal or browser
| extension.
| bassdropvroom wrote:
| Pretty much all password managers I've used have had this.
| I see having to copy and paste more as a workaround for a
| missing desktop client rather than a solution.
| xiaomai wrote:
| I love seeing all the proper integration with gnome/kernel/etc.
| Props to the 1password team.
| htatche wrote:
| Cool, just swapped the sandboxed one for this version, it feels
| snappy!
| rvz wrote:
| What a scam. All this hype and it is another Electron app.
| Windows and Mac versions are native and yet Linux gets a version
| that uses 'Electron'. Yuck.
|
| Fortunately, to give us the illusion that it is 'fast' they need
| to mention that it uses 'Rust'. And?
| tpush wrote:
| There is no 'native' GUI in Linux. Skia rendering you UI is not
| any less native than GTK's or Qt's rendering engine doing so.
| rvz wrote:
| > There is no 'native' GUI in Linux.
|
| No where in my sentence is talking about the GUI alone, and
| that is another Linux problem for another discussion.
|
| It is enough to say here that if the whole app is running in
| a browser, it is NOT a native app. That is that.
| wbkang wrote:
| It specifically calls out many the native integration features.
| What are you looking for in non electron apps that is missing
| in this version of app?
| rvz wrote:
| How does calling _' native integration features'_ make it _'
| native'_?.
|
| If the whole app is running in a 'browser' (which is exactly
| what Electron apps do) it is not a native app. 1Password 7 on
| my Mac is a native app.
|
| > What are you looking for in non electron apps that is
| missing in this version of app?
|
| In general. That fact that I don't need to upgrade the RAM of
| my computer to run multiple apps at the same time. I can do
| that with native apps perfectly but not with downloading and
| using tons of Electron apps. Has to be close one app and open
| another or else the computer grinds to a halt.
|
| Adding one more Electron app to the mix (Regardless of using
| 'Rust') makes it a step closer to running my computer to the
| ground.
| f00zz wrote:
| I wonder if Qt developers are that hard to find.
| konart wrote:
| How many widely used Qt\GTK apps can you name if we are
| talking about general market and not just linux tools build
| by developers for developers?
|
| I can name Krita and that's about it.
|
| So... yeah, I guess finding a professional skilled in Qt or
| GTK might be problem.
|
| And honestly - why bother?
| f00zz wrote:
| Telegram, Maya, Ableton Live?
| bwoodruff wrote:
| Hi rvz! Are you having performance issues with 1Password for
| Linux? I understand some folks are just anti-Electron based on
| what other vendors are putting out there, but the app has been
| quite responsive for me. Please feel free to reach out to us at
| support+linux@1password.com if you're experiencing any sort of
| sluggishness and we'll be happy to help. Thanks! - Ben,
| 1Password
| blaydator wrote:
| I have always wondered why we can't make visible the master
| password when typing it. My master is very long (pass phrase) and
| I have to type it very carefully, it's even harder on mobile.
| Such a pain ! Isn't it a basic UX pattern to allow the user to
| show/hide the password as type it (with the popular eye icon at
| the end of the password input) ? Am I missing something ? Is this
| not present for security reason ?
| benhurmarcel wrote:
| I agree, a button next to the field would be nice. I'm most
| often alone while typing the master password, it would save me
| a lot of tries.
| roustem wrote:
| It is a protection from "shoulder-surfing". I agree with you,
| there has to be an option to reveal the password if needed.
| AnonHP wrote:
| PSA: Note that AgileBits intentionally hides the standalone
| license option and pushes subscription as the only visible scheme
| to get the application. This is a long standing dark pattern, and
| though the support staff will admit on their forums or here that
| the standalone license does exist, you wouldn't be able to find
| it without some special incantations on the forums. They will
| keep reiterating that it's for your own good so that you don't
| get confused.
|
| The application UX may be great. The sync may be great. The
| security of the closed source application may be great (because
| of audits). But this single dark pattern and the condescending
| attitude of their team members whenever the topic of standalone
| license comes up are enough to avoid this company. If you can get
| to the standalone license purchase option within three or four
| clicks from the main site, do let me know.
|
| I switched out of 1Password to Bitwarden long ago. I will admit
| that Bitwarden is not fantastic (I find it somewhat slow and also
| lacking some features). But it doesn't use dark patterns like
| AgileBits does.
| jacurtis wrote:
| I started using 1Password a long time ago (~10 years) when the
| only option was the standalone license option. It is a lifetime
| license for about the cost of ~2 years of subscription.
|
| They still sell and "support" this standalone product. But I
| use the word "support" in quotes because the standalone license
| doesn't offer all the features of the subscription product. I
| resisted switching to the subscription product for many years,
| but eventually there were many features that were only offered
| on subscription accounts and I caved and made the switch.
|
| So I just wanted to warn other people that before you buy the
| Standalone option, you should know that it isn't quite the same
| 1Password experience as the subscription. There are quite a few
| significant features missing.
| kijin wrote:
| Lifetime licenses rarely last a lifetime. Most products will
| run out of support long before you run out of life. You'd be
| lucky if the company even existed after 10 years.
|
| Before subscription software became all the rage, you had to
| purchase a license for a specific version. You had the right
| to keep using the version you purchased for as long as it
| worked, but if you wanted any new features, you had to shell
| out money again for a new version every few years. Maybe
| you'd get free bugfixes from time to time, but that was about
| it.
|
| Now we're all spoiled by the rolling updates funded by the
| subscription model. We keep asking for the old pricing model,
| and at the same time want all the new features to be
| backported perpetually. :)
| kodah wrote:
| I like the JetBrains model where I pay a subscription and
| get that version for forever. I'd love to see more
| companies with this model.
| Mister_Snuggles wrote:
| The sync story bothers me.
|
| In my mind, Enpass is one that does it correctly. They don't
| offer a sync service, instead they let you choose from a number
| of popular ones (OneDrive, Dropbox, iCloud, and a few others),
| one of which you probably already use. There's no need for yet
| another cloud service to solve this already solved problem.
| blaydator wrote:
| That's the feature that made me switched to Enpass as well.
| Between the licence thing and pushing the subscription, I
| have lost trust in 1Password, even if it (still) offer the
| drop sync as well.
| ngrilly wrote:
| I used to think like that but syncing files and syncing
| passwords across multiple devices are different things,
| mainly because of conflict management. If you have a conflict
| on a file which has been modified on two devices, there is
| not that much do you can do except using the most recent
| update based on timestamps and keeping the other one as a
| backup file. Dropbox does that for example. For password
| entries, it's possible to be much master and do the same per
| entry, and even merge the fields within an entry. To do this
| in a reliable way on a remote file system, I think a file
| locking or a compare and swap mechanism is required.
|
| Another constraint with using a file sync service is this is
| introducing a kitchen and egg problem when we lose
| everything. We first need to restore access to the file sync
| service to then be able to recover the password file. Which
| means we can't use the password manager for the file sync
| service. Not a deal breaker, as it is what I'm currently
| doing, but I've always wondered how it would go after a
| catastrophe like losing everything in a home fire.
| jacurtis wrote:
| I used the standalone option for 1Password for many years.
| They too allow the same thing. I would store my 1Password
| vault on Dropbox, which effectively handled the sync for me.
| trevor-e wrote:
| Yea I paid $65 for the standalone version back in 2016 which
| seemed really expensive for something that's essentially an
| encrypted database (despite its great UX). My reasoning is I
| didn't need any of the fancy family sync features and preferred
| to handle the syncing myself for free. They've basically
| discontinued that product and I can't update to their latest
| app since it only supports the SaaS product accounts. Complete
| waste of my money.
| seppin wrote:
| Also stuck on 1P 6.0. Paid full price, now slowly their
| browser plugins stop working etc.
|
| Very disappointing.
___________________________________________________________________
(page generated 2021-05-18 23:02 UTC)