Moving from 1Password to KeePass

I longtime use Password Wallet (www.selznick.com), which has a local database also. It is non-subscription. The database works on Windows, IOS, and Android. It allows for sites that require login on one page, and password on another. It also allows a password plus a PIN. I presume KeePass does these, too. It can sync with Dropbox. Moving from 1Password might be difficult. The only potential downside for me is that it is a one-man operation, who so far is alive and well. He is very responsive. New Mac OS’s have not required any updates at all. I should note it is also great for entering Credit Card numbers and their 3-digit codes. All info gets pasted, not typed, which eludes key trackers, I suppose.

Is Apple’s Keychain so bad that it doesn’t deserve comment? I’m certain lots of Apple owners use Keychain and are completely satisfied.
I’ve been a 1Password user for a long time and Keychain just seems to get in the way but I either ignore it or make it a second password option. My wife prefers Keychain.
If iPassword is changing again, I’m gone. Maybe it’s time to look at KeePass.

Now that it supports two-factor authentication, it’s pretty good if you don’t stray outside the Apple ecosystem. I need something that isn’t so platform-specific.

Family plan keeps us on 1Password. My wife and I need to share passwords.

That’s the next hurdle I need to figure out. KeePassXC has that function, but I haven’t tried it yet.

One more vote for Password Wallet. I too have used it a long time (since well before 2001) and have received help from the developer a few times.

I currently usw1Password but the apparent inability to store the database locally in v8 is a deal breaker for me. Have been scratching my head for some time about where to and how, when v7 stops working.

Thanks for the article Josh, am looking forward to the next instalment re family sharing

First, I’m always glad for alternatives/competition. I’m glad there are good choices for Mac/iPhone.

I’ve been using 1Password 8 for almost 3 months. I think it’s great. It’s still in beta and they keep on adding new things including making it feel more Mac-like. For example, Command / is back. They’ve recently added support for SSH keys that 1PW 7 did not have.

I do not care about local vaults. One can export the cloud vault to clear text for backup if they want. I do not care about Electron. The program looks pretty good on screen. It does not seem to be any more or less prone to performance issues than any other program. Especially as MacOS itself seems much more prone to slowdowns than it did a few years ago.

The kicker is the ability to share and manage accounts for the family including kids and senior parents. Of all the $50 subscriptions these days 1Password is probably the most valuable to me.

Thanks, Josh, for this timely article. I’m a retired US Government employ and just learned access to my retirement account is changing to require the use of Login.gov (one ring to rule them all…). Login.gov suggests using a TOTP app in preference to other 2FA methods, and offers 1Password and OTPManager (https://www.stickybit.nl) as examples for macOS, and while OTPManager is free, I’m grateful to find other alternatives are available - especially re ‘password sovereignty’.

To date, my password management has been a combo of (ahem) the ol’-stick-in-the-mud ‘little black book’ method (actually an obscurely named text file buried deep in the file system), browser-storage, and iCloud Keychain sync for my iPhone (which I rarely use these days… no cell service @ home). Of course, this method requires manually adding PW’s to each browser, a somewhat minor inconvenience and any TOTP requirements can only be achieved via email (for my situation)

I, too, am a little leery even using iCloud and really appreciate your local NAS / WebDAV server option. As in the locksmithing realm, its acknowledged locks only keep honest people from gaining access, all locks are pickable - so the added layer of local storage is a plus

I also have a Synology NAS and look forward to you future posts describing your exploits therewith as well

Josh,

You mention browser extensions in the article. I’m still using, at least for some of my passwords, Password Wallet from (Selznick Scientific Software. It has an “auto-type” feature which doesn’t rely on a browser extension but uses Accessibility features on the Mac to accomplish a similar purpose.

I see both Strongbox and KeePassXC have listed auto-type/fill for passwords can you elaborate on how they accomplish this? I can’t tell from reading the apps sites how it’s done.

Thanks.

Cheers,
Jon

It looks like OTPManager is implementing the industry-standard TOTP algorithm (RFC 6238), so there are dozens of different apps you can choose to use, whether or not officially supported by login.gov.

Thanks for the info @David C.

Authentication options | Login.gov requires “at least one secondary authentication method” and then describes various options, Authentication applications being just one. OTP Manager is listed as one of the “popular options”, although they also mention using “supported applications”. Since they “adhere to the latest security standards…”, one would imagine there are other options ‘supported’

I’m liking Josh’s recommendations, so we’ll see what works… hopefully with minimal ‘rinse and repeat’ cycles…

Thanks again for chiming in

My wife still uses it…and it is a fine app…and the dev is pretty responsive to email…but there are too many drawbacks IMO to use it. He is a one man shop and updates to add features are non existent…and if you google his name he has new interests. That’s not to call it abandonware but it’s getting to that end of the spectrum. Vault sync is still horribly cumbersome between devices, there aren’t browser plugins, and auto entry of user I’d and password from the app is still cumbersome. The biggest is sis the one man shop…users are only a heart attack or an ‘I wanna do x now’ from abandonware.

That said…the forced subscription, no local vaults, no DropBox support, Electron app, and (so far) no ability for a user to backup their data to the location of their choosing and restore that data if needed…are going to be deal breakers for a lot of users. As I said in the other thread about stores…businesses exist to make a profit and it has become clearer and clearer over the past couple years…and amplified by them selling part of the company to VCs which is what happened regardless of their attempts to put lipstick on it…that they really don’t care about individual users now, they’re business is oriented to business and large corporate users because they’ll make more profit that way in their view. Nothing wrong with that…but it kills the product (at least with v8) for individual or family users who value the above features. Unless v8 fixes those issues…many will use v7 until it breaks and then move on. The company has embraced Windows users over Mac and iOS users…again, their choice and they get to do that…but users get to vote with their dollars.

I did a pretty thorough look at alternatives a few months back. My needs are DropBox sync, backup and restore locally, and I need attachments to records and Secure Notes capability. Enpass seems to be the most viable alternative.

I have, in the past, used Dashlane - dropped because of the large price increase - and 1Password. I didn’t care for the subscription model so, recently, I changed to Buttercup. (buttercup.pw) It’s easy to use and free. Based on responses to a post I put up a couple of months ago, the developer and I are the only ones using it. But take a look - it seems to meet most of the requirements I see people listing.

Yes, I realize that sooner or later one has to move on, though Password Wallet still fills my needs – even the sync between Mac and phone is done in a second or two. Thanks for the suggestion to look up the developer’s name. I knew that he was involved in the space industry, but not that he had an asteroid named after him!

Yeah…I think he has mentally moved on from PW…but since he still makes some sales hasn’t officially abandoned it. The biggest issue from my standpoint is the one man shop…password keepers are the most vital utility we have and there is Zero support outside of Sanford.

So Strongbox uses the built-in autofill functionality. I haven’t really tried that on the Mac, because I don’t use Safari, but on the iPhone, you get that little bar above the keyboard that gives you password options.

As far as the KeePassXC extension, it works similarly to 1Password except for the extra security prompts. It shows a little KeePass icon in a login field that you click to either autofill the password or show multiple options if you have more than one login for that site.

Screen Shot 2022-04-12 at 6.38.18 PM710×230 8.74 KB

1Password 8 for iPhone and iPad is now in beta, so you can try it and decide for yourself.

Thanks for this coverage.

I don’t like paying subscription fees or trusting others with my data. But I have lost more data while “rolling my own” than I ever did in the cloud.

But there’s another, key reason I finally moved my 1Password database from Dropbox to 1Password.com. It finally hit me after setting up some new devices that I was dealing with a chicken and egg problem. I couldn’t get 1Password running until I got Dropbox running. But my Dropbox password was in 1Password.

Normally I could fetch the Dropbox password from another device already using 1Password. But that’s not a good disaster recovery policy. What if I lose all my devices? What if I’m gone someday and my family has to figure out how to get into things? (See the “Digital Legacy” book). Try documenting the process for your loved ones. You’ll quickly pay the subscription fee.

By using their hosted product, I only need a web browser and my 1Password credentials to bootstrap.

Now, none of this implies that 1P couldn’t or shouldn’t use an open database format that could also be backed up locally. There’s no reason we can’t have both cloud advantages and independence; but 1P would have to accommodate. I would like to see them provide some type of off-the-grid, break-glass functionality like this.

Today my annual rent was due for 1Password7. I just cancelled my account. I started with 1Password4 in 2014 and never thought I’d change but now it’s time to move away.

Reasons?

• Rentware = bad
• Cloud only storage with no local files = bad
• Java “app” written for platform universality vice Mac specific program = bad
• Ceaseless cutesy icons and breezy air = somewhat nauseating
• Family sharing = useless due to empty nest and impossibility of getting spouse to use a password manager (making slow progress with Safari passwords/keychain)

Enpass meets my needs and I’ve been surprised how good it is. I’m also happy for local storage and an outright purchase.

For my real bucket list (“Here’s what to do if I die”) I’m working, while consulting Kissell’s book, of course, on a variety of methods to maintain a chain for recovery in the event of various disasters. Starts with shared files in iCloud, encrypted and password protected of course. Continues through schemes involving recovery with BackBlaze backups, etc. etc.

Best of luck to whoever owns 1Password now. I just don’t think that a large number of users even need a PW manager beyond what Safari provides (present company excluded, of course), and overall security that Apple continues to improve.

Wondering if anyone has any thoughts about the soon-to-be-released DuckDuckGo Browser for the Mac? Any beta testers here? It’s supposed to include a password manager which will import from 1Password and LastPass. And they are working on syncing between the mobile app and the Mac app. Other than that, I know nothing about it.

I’ve been using the privacy-oriented iOS DuckDuckGo browser for some time and have been pleased with it.

I’m definitely intrigued by the idea, and will give it a tire-kick once it’s out of beta.

I’m a bit skeptical of browsers released by companies that don’t specialize in browsers. As for password management, I want that to be standalone and not tied to a specific browser. I’ll have to play with the beta and see what format they use for the password database.

I have a sub as well…but my main vault is on DropBox and their copy is a backup. The chances of losing all devices, all my wife’s devices, and the paper copy our son has of the 5 of 6 passwords that get to the rest is pretty low. You still have a chicken and egg issue though…you need both your master password and the long and non-rememberable secret key to get in. At that point…I would have to pullout my own piece of paper. Alternatively…my DropBox folder gets backed up in several places so as long as one of those is available I can use my new iPhone to recover.

Even with the sub…you still need to get something to your survivors…in my case it’s a hard copy of the recovery key and a hard copy of password manager, device, and computer passwords that he has in his safe.

They claim that their master password and Secret Key combo is more secure than DropBox and master password…and that’s why they can’t support non sub accounts. That sounds like BS to force you to sub…the algorithm that uses both could easily run locally…it’s just computer code. Using DB means that 2 services have to be compromised instead of 1 which is more secure to me…and in any event better security is the enemy of good enough security. Once you choose a master password and DB password that give you security for centuries using a massive offline cracking scenario as illustrated by Steve Gibson’s Haystacks page…the fact that you could do something to increase the time from 10,000 centuries to a million of them is completely irrelevant. It is mathematically true and correct…but who cares at that point.

As long as you still have your car or son or buried in the yard or wherever you’ve hidden the paper copy…you can recover from this problem…and without paper someplace you can’t recover from the problem anyway if you lose all devices…because nobody is remembering their secret key.

The sub isn’t the issue for me…I already have one as part of my recovery system. What is the issue…and it will be one for any security professional…is complete reliance on a single entity for recovery…single point of failure is nerves good…especially as the company is clearly pivoting away from individual users in my view and towards business users as a business model…that’s where the money is and their VCs want to make a profit. If they cared bout users…and Mac users in particular…we would have a native app…and while I’m not all that hung up on a native app I would rather run the iOS one on macOS than a non native one…the lack of one is another indication of their direction to me…and all of their denials and explanations and marketing speak rings hollow to me.

Am I the only dinosaur still using 1Password 6? Yes, its UI is gimmicky and outdated, but it’s not rentware and it integrates seamlessly with my devices and browser of choice. Even in Safari, where its extension doesn’t work, the menubar dropdown is more efficient than any other password manager I’ve tried. I like Strongbox’s UI far more, and exporting to it from 1PW was a breeze, but the absence of a browser extension is a deal breaker for me.

Enpass does all of that, with webdav as well.
I just purchased the “Lifetime” option so no monthly fees.
Now, I yet to set it up, but that is coming…

Rich

Still on 1Password 6.8.9. Working ok on new MacBook Pro 16 inch
with Monterey 12.3.1. About to start testing Buttercup and KeePassXC.
Buttercup has an extension for Google Chrome browser.

Strongbox looks nice — weak point seems to be capturing new logins or password changes on macOS Also, though autofill works, what is annoying is that Safari always kicks in and offers to save the just filled in credentials (you need to click on not for this website). Seems to be a bug in macOS, but a browser extension would work better here. Sharing via iCloud drive appears to work.

Enpass initially looks nice: none of the issues Strongbox has with filling and capturing. My beef with it: while it does support multiple vaults, you cannot share with iOS via iCloud with a different account and the folder sync offered on macOS is not available in iOS (will it would probably be a files app sync).

So, Strongbox would be nice if it could capture logins/login changes or had a browser extension.

I have happily managed my passwords in Secure Safe for many years now. Secure Safe is from a Swiss company which came recommended by a security officer of a company I worked for in the past. You can access your securely stored passwords and documents via their website or an app (which also stores passwords locally) available for iOS, Android, Mac and Windows and you can choose from various pricing options, including a free one.
I suggest you take a look at SecureSafe | Pricing for more info. They often give discounts, so I recommend checking for discount codes before signing up for a paid account.
(I have no relation with the company other than being a very satisfied customer)

Yep. The main reason I want the extension is to capture new passwords and changes, which is why I use KeePassXC’s browser extension. If Strongbox had an extension it would easily be the top pick for macOS.

No votes for Bitwarden? I need a cross-platform solution which made 1Password too expensive, and have had good experiences with Bitwarden for several years. I’m not, however, a security expert, and it may not be that safe.

Fwiw, Bitwarden is the Wirecutter’s free/budget password manager solution. It sounds like a good option. The 2 Best Password Managers for 2022 | Reviews by Wirecutter

I mentioned it in the article. I think it’s a great option.

I also am on 1PW 6.8.9. I like having everything local, with local backups. I was wondering how that would work on the latest version of the OS. My “old” Macbook Pro is only up to Mac OS 10.13 (can’t go beyond 10.15). Thanks for the confirmation. But I may take a look at some others. I just need to be able to coordinate between Macbook Pro, iPhone, and iPad.

I’m no dinosaur, but I am getting older, and Josh, your solution works for a young person with smarts, energy, and time. Thinking ahead to a slowing mind, failing memory, and diminished senses and mobility, I want a simple solution that requires as little maintenance as possible, at the lowest cost. I’ll stick with 1Password and see how 8 pans out, and if it is as ugly as Evernote (Electron version) I’ll consider a return to Keychain or one of the “free” or “pay once” alternatives.

I use Apple’s accessibility feature called Voice Control to operate my Mac. I’m trying to stay away from electron Apps because they do not appear be usable with Voice Control’s numbered overlay feature where every UI element is numbered so you can interact with the UI element by speaking the number. Because of this fact I will not be going to 1Password 8 from 1Password 7. Does anyone know of the different password managers discussed which ones use electron so I can make sure to avoid them?

I use it: the convenience is great, combined with the password generation, and as Josh says, now auto-populating 2FA as well. In a locked-down work setting on a PC, I don’t get to install a client anyway so being able to get to all my passwords securely on my phone and just enter them manually as and when is usually a one-time or at worst infrequent hassle, and having Chrome remember them in my Google account helps. With some Apple TV apps (but not all!) the password field will also populate when using an iPhone or iPad, or if not you can copy and paste it in: a bit of app-switching, but not more than that. As they are copied locally I am not worried about a cloud outage. If I were genuinely cross-platform and also had universal admin rights, I could see a use case, but in answer to Steve: yes, completely satisfied, to the point of proselytizing zeal!

I’ve been in IT since punch cards, and I manage several Wordpress sites, etc. etc. Full techno geek. And what I see here is “all you have to do is [gobbledegook]” This is a solution for 1% of your readers. That said, I don’t like some of what you say about 1PW8.

Enpass works very well for me also. Has a totally local option which I find very important.

All these comments without a single mention of LastPass? I wonder why.

I don’t understand why nobody in this discussion has mentioned LastPass. It started as a Mac program and is available on all platforms. It seems to solve every issue that everyone has brought up like sharing passwords, family plan pricing, passing vault access to your survivors should you die, storing images (like your vaccination card),etc. As I understand the encryption, the vault resides with LastPass in a state where last pass does not have the encryption key. It also puts a local copy on every one of your devices that has LastPass on it. This allows you to not only access it from all of your devices but you can access it from any device in the world with Internet access. Over the last year it seems that LastPass has created different methods for automatically filling your username and password in all the sites no matter what their quirks are. It also does a great job of filling in personal information on forms.

Exactly why I brought it up. I can’t recall exactly when I started using it, but at least 12 years ago now and I’ve never seen any reason to switch.

LastPass was my first password manager, and I chose it at that time because, although my own computers have always been Macs, I often needed to login to one site or another from public computers in airports and hotels and e-cafes in Thailand, machines that were usually running Linux.

LastPass felt safe for that and for me always worked on every machine. It’s like Gmail in that respect, and the two of them together made traveling easy.

It has always worked very well on my iPhones too.

Also on 1PW 6.8.9 on MacBook Pro running Monterey 12.3.1. Was intending to stay on it until Rosetta goes away but may now make the move to KeePassXC sooner than that. Many thanks to Josh for this article, I didn’t realise there were feasible alternatives out there. The subscription model and being forced to live in their cloud are deal-breakers for me. Like sto I need a browser extension, great to know there are other systems out there with them.

I don’t know about 1Pwd6.8.9, but I’m running 1Pwd 7.9.4 Standalone on my MBP with macOS 15.4.1.

Aren’t you sacrificing a lot in security by using an open-source app? It seems to me, not knowing a lot about this side of the equation, that it can open up vulnerabilities by its nature. I’m not sure that moving from a password manager that stores your data on their servers to one that gives you the option to store locally but may be vulnerable is a good trade. After all, if you need to share data with other devices, you’re going to be storing you data on somebody’s servers, aren’t you?

Now, tell me how wrong I am.

All I can say is “me too.” I don’t know the advantages, if any, of changing from Password Wallet.

LastPass:
S U B S C R I P T I O N

I am looking forward to your TidBits book on Mac Users and Synology. On the advice of a friend, I moved from a Drobo to a Synology. Talk about un-Mac-like, I always feel like I’m trying to find a light switch in an unfamiliar room. I don’t know why when I added a 1GB file I had to replace 3 4TB drives with 8TB drives and I still have no space left.

So that’s why.

Have I understood correctly: 1PW8 only stores data in the cloud and therefore if you have no internet connection you can’t access your passwords? I suppose the argument might be that if you have no internet connection you don’t need passwords but, bearing in mind that vaults contain a lot more than just passwords, this sounds like a major step backwards.

Like some others here, I stayed on 1PW6 for a long time - it did all I needed it to do and did it well.

I’d welcome an expert (re)view on the Apple Keychain, it’s looking more and more attractive for my needs at the moment.

No, 1Password stores and syncs the data to each device and the passwords are accessible even without internet access. Obviously changes are not synced until internet access is restored.

That’s the great thing about encryption algorithms: knowing the method shouldn’t make it any easier to decrypt a blob of random data. This doesn’t mean that open source is more secure, but with open source an expert can audit the algorithms to ensure they are secure - something that can’t be done with proprietary methods. And proprietary algorithms that are trying to ensure security by obscurity can be weaker than known good open source algorithms for encryption.

@ddmiller

Thank you for the confirmation about local storage. I was concerned by this:

Having done a pretty complete survey of the alternatives to 1PW myself…LastPass suffers from the same subscription and loss of features issues that is causing many 1PW users to seek alternatives. Moving to it doesn’t solve any of the issues. If those issues aren’t important to you…then there’s no real need to leave 1PW…but within those issues LP is a decent alternative.

It’s local storage on device only…unless something has changed recently in the v8 beta there is no ability to backup and/or restore a copy of your data to the location of your choice…and they’ve deliberately IMO designed their new encryption process to disallow use of any local storage (i.e., local SSD or network share or DropBox)…or perhaps that’s a deliberate decision rather than an algorithm forced decision. Whether their new encryption process is better or worse…or whether it is a case of better is the enemy of good enough…is a different discussion. Your devices will continue to operate and provide passwords with no internet connectivity…but won’t sync and in the admittedly low likelihood that the 1PW servers disappear the ‘master copy’ of the data disappears. I could live with sub and their servers and the funky app if I have to…but for me and numerous users who have said so over on their forums…the lack of backup and restore by the user to a location of the users choice outside of their servers and the lack of any sync without using their servers is a hard no. Their response has been essentially…we’ve made our decision, goodbye…but our way is sooooo much better and you just don’t understand how it is sooooo superior to the way you might want to do things.

I remember a similar set of arguments when they went to the subscription model.

If there is local storage, then would (one or more of) TM and a clone back this up?

No. In theory, open source is more secure since vulnerabilities are more quickly spotted.

Just my own. (Though I still have my 1Password vault in their cloud as well.)

I have considered pitching it to Joe, and it’s a book I would love to do, but I barely have time to keep up with the ones I’m already responsible for. My review is in the early stages, but the Synology is the easiest server I have ever set up or maintained. I guess a macOS server would be more “Mac like,” but you’ll be hard-pressed to find something more usuable than Synology.

I doubt that will matter at all, as there will be no File / Open in 1Password. The local storage is just caching what the 1Password vault sends to the device. You’ll need to make an initial connection to your account on 1Password before that file appears, and restoring it is not really something that you can do.

Also it seems that it’s not just a “file”, but a complex series of items stored in ~/Library/Containers/1Password7, at least for the current release.

I meant to post this sooner, but, boy, am I glad that you posted this, because it made me consider exactly how I would do the same. What if I am traveling somewhere with just my phone and I’ve lost my phone (so have had to replace it ASAP), and have really slow internet connectivity, so that an iCloud restore would take way too long, so I need to set up the phone from scratch - how would I make sure that I can get the absolute minimum of what I need (including access to 1Password, even the subscription - how do I make sure that I have access to the needed secret key?) back up and running? As it turns out, I think I am all set, so long as I can get iCloud up and running and can get the App Store connected to download an app or two. But I am going to be testing this for sure (I have an old iPhone X that I can use to test this.)

Not to hijack this thread, but in all the password manager reviews, I haven’t seen any mention of SplashID Safe. I started using it on a Palm Pilot years ago and welcomed its migration to the Mac, iPad, and iPhone. It has its occasional bugs, but overall has worked well for me. Has SplashID ever been reviewed by anyone?

I’ve always been a bit skeptical of these kinds of claims about the benefits of open source. You may have access to the code, but do you have the knowledge, expertise, and time to audit the code? And if you don’t, how many other people do? And of those, who’s actually going to do it?

I recall that a serious vulnerability was found in OpenSSH a few years ago. Despite it being open source project, that bug had been in the code for a long time. When people began criticizing the project, the developers pushed back, noting that while many people and companies had been happy to use the software, few were willing to provide support to the project so that things like security audits could be performed.

Because it’s so difficult to do encryption right, I would expect that the developers of password managers would rely on well-established and well-tested encryption techniques and implementations in their software. Being open source is probably neither an advantage nor disadvantage as far as security goes.

1PW 8 has had export since late 2021. Both 1PUX (zipped, unencrypted) and CSV. They’re planning on adding an encrypted export too.

As much as I’m glad there are competitors, I am amazed at the people who want to save a few $ at the cost of potentially more complex and error prone setups.1Password is great especially for families. As I said before, of all the $50 (for 6 people) subscriptions 1Password is close to the top.

Yeah, it’s a perfectly fair point, which is why I said “in theory.” Sometimes that works out and sometimes not.

I wouldn’t recommend the KeePass setup to save money since the best iOS apps have subscriptions to enable the best features (and I’m happy to support the developers). For me, it’s really more about data ownership.

As I said in my earlier reply, open-source doesn’t guarantee better security, for the reasons that you list. But at least there is a way to audit the code for people who have the expertise. And in the case of encryption, there are well-know, well-documented open-source algorithms that can be used, rather than trying to “reinvent the wheel”. And, to restate what I said before, knowing the method used to encrypt and decrypt doesn’t make cracking well-designed encryption any easier. Relying on obscurity for security is dangerous, particularly when there are open-source solutions that are already well-observed.

Josh, this is the sentence that I believe confuses many folks: " The other notable change is that 1Password 8 will no longer let you store your password database locally. Instead, you have to use 1Password.com, which makes some people uncomfortable." AFAIK, 1Password 8 grabs your encrypted info from their server, stores a local cache on every device where you have the application installed (e.g. “1Password keeps a “local cache” of all of your data in a database that resides inside ~/Library/Group Containers/2BUA8C4S2C.com.agilebits/Library/Application Support/1Password/Data If you quit 1Password completely, disconnect from the internet, and then restore this folder from Time Machine, you can launch 1Password and it will unlock with the data that was present at the time the backup you restored was taken.” So once you have made the initial app install and unlocked with your secret key on a computer, you will have a local copy. In addition, as others have mentioned, v8 does now include the ability to export an unencrypted copy of your data. Those facts certainly assuaged my concerns about moving to 8.

I too have used 1Password since version 4.
Login ago, I used to buy the family plan & the Windows version…

Started moving over to Enpass a few years ago.
Both my Linux System & Windows 11 system are running Enpass without issue.

So for now am maintaining two password data bases.
So when 1Password stops working I’ll be ready to move to Enpass.

I moved from a Drobo, which was pretty transparent but prone to failure. And at least once it did some weird thing where the OS gave it a new name (Drobo-1), so all the backups were looking at Drobo (which didn’t exist) instead of Drobo-1, which still appeared as Drobo everywhere other than in Terminal.

I just find the huge number of packages that must be dealt with bewildering. And I still don’t understand why it’s eating hard drives; I started with 5 4GB drives which ran out of room. I’ve replaced 3 of them with 8GB drives and it once again ran out of space.

Sorry. I know this is not what the thread’s about… (Doh!)

I switched from Dashlane to Bitwarden when Dashlane raised their prices. I have been very happy with it.

There is a cached copy, so you won’t totally lose access if you can’t reach the server. However, in my experience with 1Password 7, you can’t export a vault stored in the 1Password cloud. I had to first copy my vaults to a local copy. So my concerns are twofold:

1. I won’t be able to export at all in 1Password 8. Or at least, not as smoothly as I did in 7. Granted, I haven’t tried the beta yet. (Don’t really want to risk my passwords to a beta.)
2. I wouldn’t be able to sync passwords if I couldn’t reach the server.

I probably could have elaborated more on that in the article, but it was long enough already :-)

Yeah… that’s why I could never do Drobo.

GB? Did you mean terabyte? I put four 6-terabyte drives in mine and have plenty of room. There are some Synology packages that require a bunch of other dependencies. I don’t know off the top of my head if it makes it easy to figure out which package requires which other package.

Ah. Yes. TB. I’m an old-timer, I guess. I still remember my first exorbitant 20MB drive…

Yes…there was a similar discussion about the subscription model…and some folks left and some decided the features were worth the subscription price. However…losing features that one wants and uses is a whole ’nuther thing.

The local storage is in some sort of SQL or mySQL or whatever database they use but from their description there is no built in daily or manual backup like v7 and earlier have. While a clone and/or TM would probably actually backup whatever it was…the file is marked open anytime the app is running and whether it gets backed up and where is a whole lot further down the database rathole than the vast majority of users will or can go. A simple preference that exported a single encrypted backup copy of the database with an associated import function would allow a user to have an easily accessible copy of his/her data. However…according to them…since this would be exported on your computer/device it would lose the protection of their Secret Key and hence not be secure…so they’re not allowing it because their server will simply never go down. Hogwash…that’s just a bunch of marketing speak and justification for their taking a user hostile step…but as their business model has clearly changed from individual/family users to corporate/business users, despite their protestations to the contrary…it’ pretty clear that they’re not all that interested in individual users anymore. One of the subreddits I frequent has a saying…”when somebody shows/tells you what they are…believe them”.

I’ve said it before…I don’t like subs…but I have one for DropBox, Adobe, iCloud and others because I like and use the features enough to make accepting the sub acceptable to me. Removing features that I want and use is another thing entirely…and even if I was completely happy with everything else they do…I spent a lot of years in the computer and IT security business…and depending solely on a single source to backup your data is simply nuts…and even more so when that source is not under your control. My point is that even with their Secret Key and all their “it’s simply better” hogwash…the algorithm runs on your device…so the Secret Key and Master Password and their special sauce is running on your device…so from a technical standpoint exporting a backup copy to a location of your choice and reimporting that as the master copy of the data later on if necessary should be a pretty easy thing to do…but it’s not…because they’ve decided that their way is the only way and users can assimilate or go away.

I’m not even blaming them for making this business decision…they sold a bunch of the company to VCs no matter how big a bow they try to put on it…and the VCs want a profit so the company is delivering for their part owners and the founding partners or whoever else has a piece of the pie. What I’m blaming them for is trying to blow smoke up everybody else’s skirt and tell us how wonderful an idea this is…and how much better their way is than whatever way users are currently doing it is. I haven’t checked out their beta forum lately…if v8 ever actually gets released I’ll give it a whirl…and I’ve previously stated that sub, no DropBox and crappy client I dislike but I could live with those. Their responses basically say…our way is better, your way is bad…and we’ll think about eventually adding backup/restore capability later, maybe. Then they lapse into more marketing BS to obfuscate the issues and essentially refuse to explain why they can’t provide the features they’re deleting. My opinion is that the reason is to make money for the VCs and company but they don’t have the guts to admit that.

All that said…v7 is a fine product and I’m still using it today…and will continue to use it until it breaks or until v8 has the capabilities I and a lot of people want…backup and authoritative restoration of their data to and from a location of the user’s choice…not 1PW the company’s choice.

As I said…it’s been awhile since I looked at it but back then unencrypted was the only option…and there was no backup/restore capability at all. Export (which they said is so your data is not held hostage) is aimed at moving to another platform…not at making a copy of your data under your control in ~ or DropBox or wherever you choose to put it along with the ability to restore that data and have it overwrite the “master copy” on their server should this be necessary. They’ve probably got perfectly adequate backup and restore in their data centers as well as multiple copes and corruption recovery things in place…but those are their backups and not the user’s.

I will test it when it gets released to see it whatever it becomes meets my needs…but at this point it’s in beta and entrusting your password security and database to beta software seems pretty high on the not too smart scale to me…the password database is about the most important piece of data one has.

I have 1Password 7 with a subscription and I have File / Export when I select a vault from my account.

What is meant by and why is a browser extension important?

Besides the manual Export command (which counts as a backup fully under your control) 1Password has a command line interface that you can script an automated backup. Googling brought up several examples. Backup as frequently as you want. I think I manually exported once since they went in the cloud several years ago.

The command line interface would allow you to do this. But I have no idea why one would want to make bulk changes. It’s not like you can make changes/mistakes to more than a single password at a time.

The database is actually common with version 7. 8 adds SSH keys, which 7 can read but not change. Most of the changes these days seem to be UI and/or performance related. I agree with the importance of the data. That’s why I trust 1Password, with its corporate resources and history of performance.

The company is not the spunky little Mac-focused Canadian company any more. They’ve moved to where the money is, the corporate customers. There’s payoff for consumer users even if sometimes seems like you’re 2nd fiddle. A password database that is sharable among several people in multiple places more or less requires the architecture that they’ve implemented. That architecture makes family password management easy. My wife gets it. My kids get it. My dad gets it. I understand that use case is not everyone’s.

Add another one. I’m still using 6.8.x on Monterey - Mac Mini M1.

@sinarades: A browser extension is an add-on that links to your password database so you can fill in usernames and passwords without having to leave your browser to copy and paste login items from your password app. In some cases it can also capture new logins and add them to your database, fill in one-time passwords and the like.

A very timely article and discussion for me. . . This morning when I tried to repair the corrupted 1Password extension in Brave (a recent issue affecting all extensions that I have not been able to fix) the 1PW extension simply disappeared.

When I went to the Chrome store to download another copy, the “legacy” extension is long gone (has been for a while). The new 1PW extension requires a “membership” i.e. subscription.

So I started using Safari again because when I updated to v. 7.9.4 from 7.9.2 1Password works as expected: a keyboard shortcut autofills my login credentials and uploads them to the website with a single button click.

I’ve been using Brave because of its privacy features and access to my long-time favorite anti-tracking and ad-blocking extensions. But it now looks like I will be using a less secure browser and finally forced to choosing a new password manager as well.

Like some other people here I am getting older and my IT skills seem to be diminishing to the point that I require something easier than what Josh has done. I appreciate the various suggestions in this thread very much.

Thanks. That is what I thought it was. So an icon for 1Password appears in my browser along with other extension icons. There is also a iPassword icon in the Finder menu bar at the top of the screen which seems redundant. When I need that function I usually go to the menu bar or open the app directly. So while KeePassXC doesn’t have the browser extension, does it provide access via the finder menu bar or must the application be opened?

Previous versions are available at:
https://app-updates.agilebits.com/product_history/OPX4

One of the best reasons to use 1Password 7/8 subscription is that it requires the least amount of IT skills as you have no files to manage. The only thing to manage is your master password and key.

There’s a preferences checkbox (under General) to hide that icon in 1PW 6. Not sure about later versions. I don’t use KeePassXC, so I can’t help you there.

That option is in 7 as well. It’s called 1Password Mini by the way. I find it pretty useful sometimes, particularly when filling in credit card info on a website. There is an option to pin the page to the screen, which I can then drag to the side and be able to see all of my credit card details, just as an example. It’s also useful for web sites that may ask for extra information when you log in occasionally, such as the answers to security questions, etc.

I just followed in your tracks, moving from 1Password 7 in order to avoid 8 because I hate subscriptions and like local data; I thank you for blazing the trail. I’m up and running with KeePassXC on the Mac, and there is only one issue at the moment: some sites have a URL you go to where the LOGIN button is, and then when you click it there is a different URL where the credentials are filled in. So I’m trying to work out how to handle these dozen or so websites more smoothly. Other than that, following your example only took me a day! Thanks again.

I just switched to KeePassXC. It does have browser extensions, but of course they are browser-specific, as the ones on 1Password are. I use Firefox with KeePassXC and they do support Chrome and others as well.

Great to hear that you found my instructions helpful! I agree those sites are annoying. Sometimes the extension will detect the separate pages and prompt you at the top of the browser window to enable autofill for those. I wish it handled that better.

So far in this discussion no one else, as far as I can tell while browsing with Safari iOS, has mentioned LastPass. I’ve used it since it was new, as both a browser extension and a MacOS application, primarily because it’s available via a purely web-based mechanism and doesn’t require installation of any apps, or even browser extensions, not even its own. (I used to use 1Password at home but didn’t like their subscription and never could use it at work.)

The govt. network I use in the office blocks:

• user installation of applications and browser extensions
• cloud-based file sharing
• many websites and other protocols considered unsafe by govt. security.

The LastPass website has never been blocked for all the years I’ve used this network. And LastPass is the only password management system that requires neither a cloud-based file storage nor user installation of anything.

I’d be happy to try out another web-based password manager that might meet those requirements.

Suggestions?

Welcome! It’s been mentioned in this thread a few times, yes (here, here, here, here and here). If you are moving from 1Password because it’s gone subscription and doesn’t support locally based vaults that sync with a method that you control, and you want to have your passwords synced to multiple devices, then Lastpass has the same restriction - it is a subscription based service unless you want it only on mobile or only on a computer. I believe that most of the people switching from 1Password here are not looking for a web-based password manager, but one that they store to local devices under their own control. One where they don’t have to trust that a web-based service will be reliably available. But, sure, yours is a valid use case for somebody like you.

I originally used Lastpass, but that was back when I had an Android phone and Lastpass had not yet been sold to Logmein. For me, I switched to 1Password around the same time that I switched from Android to iOS and that Logmein bought Lastpass. (I should also note that I was also having lots of issues with Lastpass on my Macs at the time - mostly with changed passwords somehow not syncing back to Lastpass’s website. That was probably the last straw for me.)

It does seem that since Logmein pushed Lastpass off into its own company again that it has gained some more features (sharable passwords, family plans, etc.).

I’m still on 1Password 6, but the browser extension stopped working on Chrome a few weeks ago (I’m not sure it ever worked in Brave), so I’m starting to look at alternatives. I’m grateful for the Enpass chatter here - I hadn’t heard of it before, and it looks like a likely candidate for my needs.

Interesting. I’m using Brave on my MBP with High Seira and have the extension on the browser. Using 1P v 7.9

The v.6 browser extension doesn’t work in Brave (IIRC). It still works in Firefox, and stopped working in Chrome a few weeks ago.

Does 1Password 8 allow for local cache of the database? I am often needing passwords for LOCAL applications while OUT of network/internet access? If I MUST have internet to get my passwords 8 is a total and complete bust for me.

I’ve been using 1Password ever since the very first article about it here in TidBits decades ago.

V8 does keep a local copy of the database so that you can access it without network/internet access. That isn’t the problem that a lot of people have with the new version.

Based on statements that the v8 beta supports backup/restore/export…I just downloaded and tried the latest beta…here are a few observations and the current beta has been banished from my system.

-The beta zips and disables your current copy of at least v7…don’t know about earlier versions. It does offer to migrate your data and then nags you about your choice if you do not migrate but eventually does install without migrating and it does pick up your current subscription (which is not my main vault even though I have one)…I don’t know if it picked that up from my v7 preferences or from my previous beta install attempt back in December. However…disabling my currently perfectly working copy of v7 is completely unacceptable since v8 is BETA software. At least it just zipped up the v7 application and left it in place in /Applications so recovery was fairly simple.

-After my brief use…I attempted to undo the unacceptable actions of the above installation…quit v8, zipped it and tried to delete the v8 app…Finder would not allow that since the app was in use. This required a trip through Activity Monitor to kill the total of 4 processes left running even though the app had been quit from the menu. Again…unacceptable behavior although it is beta but leaving these phantom processes running seems to be a bit underhanded to me and part of their forced migration plan.

-v7 works again after Activity Monitor, fixing Login Items, and restarting (that probably wasn’t actually required but it had been 18 days so I did it anyway).

-As several folks noted…there is an export command in the menu…but the only 2 choices available are both unencrypted…this is clearly meant as an export file to be imported into another application as one leaves 1PW v8 behind…and it is most certainly not a backup/restore option under the user’s control.

-v8 does not really look very Mac like…but since I only tried it to see if there was a backup/restore option available I did not really use it for long enough to make a determination on suitability from a UI perspective. As I’ve said before…I can live with a crappy app if I have to but would obviously prefer a real macOS app instead…and apparently there isn’t a current v8 available for iOS or iPadOS according to a March post on their form that I saw.

Based on today’s testing…v8 ain’t welcome in my workflow…but for an app that was supposed to be available sometime well before April of 2022…looks like they’re having issues with it still.

Internet access is only needed to sync data to/from your 1Password cloud database. Irregular internet connections are not a problem. I’ve been using it since Feb. It’s still beta, with improvements in UI and performance still being released. But definitely functional and stable enough to use now.

It appears that if your 1Password subscription has expired, your access is locked and you can’t get anything out of the app unless you pay them.

That terminates my relationship with the developer.

Did this happen to you or did they tell you? If correct…that would be another deal breaker for me to upgrade to v8. I find it hard to understand why the company would be that stupid.

Guess this isn’t the 1Password the company we all knew and loved.

Wrong. 1Password is not trying to keep your data hostage. Your account goes to “read only” mode and you can still export it.

Hmmm…. I enter my password and the application won’t open.

dave

Does the application really not open or do you get an error? If it’s the former, you have an app issue. Delete and reinstall. You can also try logging into your data on the 1Password web site. If it’s an error, 1Password employees answer about every question posed on their message boards so that’s probably a better place to look for answers than this board.

This is what I see:

Screen Shot 2022-04-24 at 2.50.46 PM.jpg702×292 14.7 KB

Accepts the password, but doesn’t open. That’s OK.

dave

That appears to be an application error. Restart the computer. If that doesn’t work then reinstall the app. The issue has nothing to do with the status of your subscription.

Well, this gets stranger… 1Password (7, should have mentioned that) works OK on another computer I have. And the menu bar mini app works OK. Guess I’ll have to talk to the vendor to figure out what’s going on.