Should 1Password’s Price Hike Push You to Apple’s Passwords?

1Password just announced a 33% price increase, which I find to be staggeringly ridiculous. Time to switch.

So what is the current state of password managers, and what do people recommend?

I currently use both the Apple Passwords app and 1Password simultaneously, the features that have kept me using 1Password are the multiple “vaults” (work passwords separated from personal, etc), generally better integration with 3rd party browsers (but I admit I haven’t looked yet at whether Apple Passwords can now work in Chrome, Brave, and so on), and to a lesser degree the ability to send a password to a colleague.

This is the first raise that I’ve had since 2018 on the family plan and it still represents pretty good value, slightly under the equivalent inflation amount (based on UK) and not ‘staggeringly ridiculous’.

I use ProtonPass as a backup, bought a lifetime license for that.

I gave up all third-party password managers a while ago, and advise my clients to do the same. Passwords in iOS and Mac OS is more than adequate.

… As long as you work exclusively in macOS.

If you also work in Windows and Linux, then you’ll need a cross-platform tool. Apple’s password management system won’t cut it.

(FWIW, I use Firefox’s password-sync feature. It syncs my passwords across all my devices, regardless of operating system. But only with Firefox, not with other browsers.)

I saw the price increase, and I’m also considering alternatives.

I had ongoing issues with the 1Password extension failing with MacOS Safari for a long time, and last fall I switched for a few weeks to BitWarden. It’s… fine. But, it’s missing a lot of things that I like about 1Password. Different vaults - I could never figure out a way to do this well with BitWarden, except with tags on individual items, to place them in folders, which just felt kludgy to me. I suppose perhaps you could pay another subscription for a second vault? I never looked into this. But I could perhaps live with these shortcomings.

After switching back, I found that the 1Password Safari extension is suddenly fine.

Of course there is also Apple Passwords, and I might just switch to this, but no software licenses, no passports, no drivers license, no secure notes (well, I’d use the Notes app, I guess), no custom fields in password entries (I use this a lot.)

I may just stay with 1Password - $4 a months is not terrible. But maybe switching back to BitWarden? I’m still deciding - I have until late August to decide. BitWarden is fine, reliable, less expensive, though, for those that hate this, the Mac app is Electron rather than native (like 1Password), but I’m fine with that.

1P app is Electron, isn’t it?

Yes, and I really like it. I prefer a well-designed electron app to a poorly-designed native app, so being an electron app doesn’t matter to me. It may matter to others.

I actually use Firefox’s password sync in addition to Apple Passwords and agree it is a good cross-platform solution.

Regarding cross-platform passwords, the iCloud Passwords for Windows app works well and supports most Windows browser by an extnsion. Unfortunately, it does not yet support passkeys.

I guess here you will read about various “alternatives”, Bitwarden, Enpass, MacOS Passwords … SO I would recommend to make tests with these apps. Install them and work with “dummy” passwords.

I use Bitwarden (as a former 1 Pwd user), and “happy” with it. Works well with other browsers, sending is possible (but never done). But: User Interface is not nice, and some basic features are missing like #tags or additional item types (only passwords, notes, cards, SSH keys and personal available).

I’m torn by the 1Password price increase:

On one hand,

The 1Password subscription model has worked well for me. I’ve gotten a steady stream of updates - both enhancements and bug fixes from 1Password over the term of my subscription. My family runs it on all the computers (Mac and Linux) and iDevices we own (multiple iPhones and iPads).

Moral outrage is reserved for others more deserving (cough.. Google, Meta, anyone else that sells my data ..cough).

I’m also not that concerned about the cloud components of their service and their security model (I’ve reviewed their security papers. I’m aware of the recent ETH-Zurich research paper that’s describing a potential weakness in 1Password’s public keys as well as 1Password’s response to that in their blog). Their approach to security is good enough for me (and evidently for their commercial customers as well).

This is the first (subscription) 1P software price increase in many, many years. Costs have gone up everywhere so a price increase isn’t that surprising.

On the other hand,

It does seem like an excessive increase. It leads to the sinking feeling that this increase for family plan users is being used to subsidize development for their commerical customers. I wonder if they’re not making as much as expected from what they thought was a lucrative market – and someone has to pay the bills. Welcome to the world of selling your soul to the venture capitalists, AgileBits.

I also have mixed feelings about the all-too-common practice of paying a software company for fixing bugs of their own creation. That goes for both perpetual license and subscription software….

It’s a balancing act. If you accept the fact that prices will increase as time goes on, then you’re either going to have more, smaller increases or fewer, larger increases. Given the amount of time the price was flat prior to this increase, it looks like 1Password is taking the latter approach.

Dave

Agreed on the balancing act.

The “death by a thousand cuts” method of incremental increases may not cause as much notice as the “rip the bandage off” method of fewer, larger increases. But like the all-too-prevalent “shrinkflation” the erosion in value with the incremental increases does eventually get noticed. You can argue about which is worse, but in my mind gradual erosion eventually makes me think that I’m getting ripped off stealthily. Kind of like what’s been happening with my cable TV and Internet fiber bills.

My increase is 20%, not 33%, on an annual plan whose price has not previously increased since I first subscribed four years ago. Hardly staggering, in my opinion. I find 1Password much more useful than Apple’s Password app because of its ability to store all sorts of important records, not just passwords, and for its accessibility across various platforms and apps. I recently started using passkeys in 1Password, and that works great, too. If I ever had a significant problem using 1Password, I might consider switching, but I find it easy and convenient to use, so no.

The great thing about passkeys is that I can scan a QR code with my phone (which I always have) to authenticate, so it’s not a terrible burden.

There is some support for iCloud Passwords on Windows (but not Linux or Android.)

1P 6 was perfect, and I think it even still works for me. I’ve never seen any reason to start paying them to make it worse, so I switched to Apple Passwords.

If it quits working, update it and sell the update. Then I can choose. I didn’t sign up for a coercive relationship. I payed for an app.

This sounds like a very misleading click-bait headline.

You didn’t mention the fact that the current monthly price is $4 for an individual subscription and $6 for a family subscription.

Yes, going from $3 to $4 is a 33% increase, but an extra $12 per year isn’t going to break anybody’s budget.

Going from $3 to $4 is the smallest increase allowed by App Store rules. Seems that switching to annual would get you a lower % increase in addition to the discounted rate.

Ditto 1Password 7. Which is why I stayed with it. My mandatory requirements are: 1. Standlone one-time purchase. 2. Local storage - absolutely no proprietary online server storage. 3. Local WiFi sync between my Mac and my iDevices.

If I can’t have those then I’ll use 3M’s management system.

For those of us already annual, the annual is also increasing by 33%. Well, slightly more, actually. $12 more per year more when the current price is $35.88.

With the exception of open source software, all software sales could be considered a coercive agreement. Even with perpetual licenses.

The ugly truth about software sales is you didn’t buy an app. You bought the rights to use an app according to the terms and conditions in the licensing agreement. By using the software, you’re agreeing to those terms.

Those software license agreements do not favor the purchaser. Which is why things like open source licenses (e.g. GPL) exist.

1Password has made the business decision to stop selling perpetual licenses. They have also stopped providing any kind of updates for older releases: Deprecation of 1Password 6 and older versions of 1Password 7 | 1Password Support

It’s unlikely they’ll be selling an update to those deprecated stand-alone 1Password versions should a new iOS/iPadOS/macOS update break them. Other than a 1Password 8 subscription, that is.

Admittedly then you’d have to choose. It’s unfortunate that they’re forcing you to choose rather than making the decision on your own time line.

Nitpicking, but it’s more than a click. Travel mode is not exposed in the mobile or macOS app, so you need to log in with Safari to the website, and hopefully you’ve already logged out, so someone couldn’t simply force you to type in the password - the quickest way is to scan the QR code with another device, but if you don’t have another device, then you need to enter 1password’s secret key in addition to the password for your account. Then it is two more clicks until you can toggle travel mode back off.

Couple thoughts:

• I didn’t get any emails. Maybe they’re going out in waves (I am on the legacy family plan, too, so maybe they caught mine before it went out?), or maybe it’s because right now my family plan is free due to my company using 1Password. (Which, if it’s this, is bad – they should be notifying a user of an upcoming price increase, even if that increase would only take effect at an unknown future date once they separate from their company/company stops using 1Password.)
• I really, really don’t understand the “outrage” over a $12 increase a decade later. I’m so sorry that $1 and change of an increase per year is too much to bear. Unless you signed up yesterday and the price is going up today for you, it is in no way “staggeringly ridiculous.” And even then, you still have to take into account that the software was not released yesterday, and any historical price increases, before making such a claim.

This doesn’t make sense to me. The real money is in commercial software, not consumer software, which is (at least a large part of?) the reason they pivoted so hard in the first place. Also why they literally give it away for consumer use when you have an association to it through your job.

I am not outraged at all, but considering increasing my value by switching to a product that costs $20 per year instead, or one that costs me nothing. As I said, I did this once already, when I was having issues with 1p, so I may decide it’s better for me now that 1p wants to charge me more.

No outrage. Just a re-evaluation of value.

This also when subscriptions for everything are being increased. I don’t mind paying subscriptions for things that bring me value, but if another internet provider appeared who charged less per month, I’d consider that, too.

Not mentioned so far: Apple Passwords is the more vulnerable of the two.

Those people who got both their phone passwords and the phones themselves stolen in bars a while back found not only that they were locked out of their accounts, but the bad guys had access to the password manager as well.

That’s an argument for keeping the two things separate. Also an argument for not using your password manager for two-factor authentication.

In case they would have increased the price yearly (to the price we will see end of March) the “protest” would have been far less.

I wonder if people are upset because the ca. +30% - or about the price which a user has to pay from end of March?

The question is: $3.99 per month - for what? If this piece of software is important, safe/secure and you use it almost daily (well, a password manager is in use 24/7, even if it was not opened for some days; different to e.g. Photoshop). For me it would be ok to pay the $3.99 per month, but I use Bitwarden and here we also saw an increase of the price, ca. 50%, some weeks ago.

To answer the initial question of this thread, I will continue with 1Password as it is the only way I can support my parents (remotely and on-site) by sharing vaults to enforce security across their devices and to share confidential data between us. It saves me a lot of time and hassle. They are both over 80.

Like others here, the size of the increase has given me pause for thought. If the Apple Passwords app ever includes credit cards, passports etc I think that would be the end of my long standing 1Password subscription.

As Adam noted, inflation since 2016 has steadily lowered the effective price of 1P, and it seems now that they are just trying to get back to its dollar value then. According to the Bureau of Labor Statistics inflation calculator it will take you $81.79 today to buy what $59.88 would in 2016.

I will stick with 1P for several reasons. (1) It works for me. (2) I’m old and don’t see the point in replacing something that isn’t broken. (3) I’d likely continue to pay for it even if Apple Password was equal in quality out of appreciation for the years of service 1P has given me. Scoff if you like, but I’ll be saving about two real bucks come March when renewal comes, and I won’t be wasting any of the time left to me changing something that works.

Thank you, Adam, for posting a clear summary - this is definitely helping me clarify my thinking.

Ouch! I promise you, I am not a media company making money from user clicks! “Overreaction” would have been a more fair criticism. Sometimes a straw is just a straw, and sometimes it breaks a back - I think I’m still a little bit in shock after realizing (thanks again, Adam!) how many subscriptions I have, many of which have also been increasing prices.

And as a newer customer of 1password, I was absolutely not aware of how long it’s been since they last increased prices (despite their brief mention of that - they could have lead with that fact and provided more detail).

So my new assessment is that a 33% increase is shocking but fair - though it still is pushing me towards moving to Apple Passwords exclusively. It sounds like most of my concerns are addressed - plus Keychain Access still exists for things like secure notes, and credit cards can be stored in Apple Wallet, so even some of the gaps that people have mentioned here have other solutions.

I believe all this talk about inflation is completely out of touch with the basic facts.

IIRC, back in 2016, you were buying a perpetual license. If that’s wrong, then I’m wrong about the rest.

But if I’m right, then the purchase price was spread over multiple years. Now you’re being charged per year. So do the math again, and you’ll find that they have raised the prices dramatically since 2016, way way way above the inflation rate.

This is a modern invention that came into existence when the courts decided that “shrink-wrap licenses” could be legally binding. Where, by using the software (or sometimes, even opening the package), you agree to various terms just as if you had signed a contract.

In the absence of such terms, or in jurisdictions where shrink-wrap/click-through licenses are not considered binding, only copyright law applies. The purchaser of a copy (whether software or music or a book) has rights with respect to the specific copy he purchased. Less than those of the copyright holder, but not nothing and not simply what the copyright holder would wish him to have.

Fair—I hadn’t even known about it before starting to write this.

Yes, sorry, but you are partially wrong. As I noted in the article, in 2016, you could buy a perpetual license, but that’s also when 1Password introduced then-optional subscriptions at the prices that then remained in effect for a decade.

I - actually “we”, my wife and I, through a shared vault - use 1PW for LOTS of information besides passwords, credit cards, passports, etc using secure notes. That way we both have quick and easy access on our computers, phones, and iPads to info on our cars, insurance policies, subscriptions, appliances, doctors, etc, etc. We “might” be able to do that using Apples Passwords and Notes apps, but it wouldn’t be as easy or as comprehensive as 1PW.

That is true, but unlike, say, MacOS where Apple uses vast resources to keep legacy OS versions protected from major security vulnerabilities (they recently issued a security update for iPadOS 16.x, which I appreciated for my iPad Air 2 that’s now a weather station display using Teapot for Tempest)…1Password is a focused app whose entire reason for being is secure password and information storage. Sometimes their current owners have made moves for apparent financial reasons, but on the whole they are laser-focused on security and compatibility.

Keeping 1PW7 running in some versions is a bridge to 1PW8, but those still running 1PW6 because “I bought it in perpetuity and they should keep it running in perpetuity” should seriously consider whether a principle is more important than the information they are trying to protect.

You can’t share an encrypted note in the Notes.app, last time I checked. And trying to keep everything as a “login” in the passwords app doesn’t work great in my experience. That’s one of the areas where I think 1P is better.

I’m also interested by the description above of how Apple Passwords is less secure, because it shares the passcode of your device. I hadn’t thought of that or read it anywhere else.

Thanks for the detailed post, Adam. Certainly lays out the situation clearly.

I have been using 1Password for a long, long time, and it has never failed me. I don’t use very many of the additional features, but some of the security-related features are important.

I’ve always wondered about BitWarden. From what I understand and have read about, the company offers both free and paid versions of it. But ease of use/implementation is a possible concern. Would like to hear comments about it.

Also Adam, have you ever done a comparison here on Tidbits of available Password Managers for Macs? That would be useful and helpful.

Then it’s fair to compare the subscription price back then to what the new subscription cost is. But it’s also a fair comparison to look at the Total Cost of Ownership over the last 10 years.

10 years ago you could get 1P for $70, and it lasted 10 years and counting. 10-year TCO: $70. Cost per year: $7

Subscription pricing today, the 10-year TCO is $479. Cost per year: $48

Just want to add that these types of comparisons are most accurate, especially when considering periods longer than a year or two, if the historical costs are adjusted for inflation and the future costs are adjusted for the time value of money. In other words, under typical economic conditions, $70 from a decade ago is equivalent to a larger amount today while $48 from a future time is equivalent to a smaller amount today.

I experimented today with Passwords (my subscription to 1PW will expire in June). Easy to import passwords with a CSV file, but passkeys have to be reset on the websites where they are used. Firefox is my default browser, so I enabled the iCloud Passwords extension. So far so good.

But I also run a Linux machine, which has a working 1Password extension. The iCloud Passwords extension can be enabled in the Linux version of Firefox, but it does not work. So I used a CSV file again to import all my 1PW passwords into Firefox on the Mac, but did not enable Firefox’s passwords feature, keeping the iCloud Passwords extension in charge. Going to my Linux machine, I opened Firefox and let it sync the passwords, and enabled Firefox passwords in the security settings. This worked, but soon stopped as it downloaded the iCloud Passwords extension (via Firefox sync) and it put it in charge, uselessly. Back to the Mac and set Add-ons to not be synced. Now I can let the iCloud Passwords extension work on the Mac, and Firefox’s own password manager work on the Linux machine. The latter will have to be manually updated when new passwords are stored on the Mac, but the vast majority of those I use are now available on Linux.

I don’t know if I’d go so far as to say that Apple is using vast resources to support legacy OS versions. Their update model is to provide security updates only for the prior 2 versions of the OS. No other fixes. And the prior 2 versions don’t get all the security updates that the current one does.

The situation that the prior poster asked for - “just fix 1P 6 to work on newer OS and sell it to us” is analogous to wanting Apple to support macOS Sequoia on hardware they’ll release next month. Not happening in either case.

And 1PW 6 will continue to work just fine as long as you run it on the OS releases it was supported on. Upgrade past that at your own risk. And in any case be prepared to live with any security problems that may be discovered if you decide to keep running it.

Hopefully, someone else will test it before you upgrade. Depending on what is changing in macOS, it may or may not break.

I’ve personally experienced something similar with Adobe Photoshop Elements and FileMaker Pro. The versions I’m running (PSE 2021 (v19) and FMP 19) are definitely not supported on my Mac (an M4 mini running macOS 15.7). But they work. PSE via Rosetta. FMP is Universal.

I’ll upgrade them when they stop working. But probably not before that.

Don’t confuse “unsupported” with “incompatible”.

Looking at this from AgileBits’ side of things, how much did those years of providing free software updates cost them? That’s the side of the equation that pushes software vendors to subscriptions. I think they come to the conclusion that one-time software license purchases do not provide sufficient ongoing revenue for bug fixes (security and otherwise), maintenance (e.g. supporting new OS releases) and new features.

I worked for an enterprise software company that sold perpetual licenses, but there was no update entitlement unless you had a support contract. The support contract included the any major version upgrades that were released during the term of the maintenance contract - so in that case it looked like a subscription. Unlike subscriptions, the software didn’t stop working if you stopped the maintenance contract.

Agreed - and that’s where my “at your own risk” statement comes from. Guaranteeing that old software still works on new macOS releases is always a question mark that seems only to be answered by user experience.

Wow…so much passion about a password manager!

I used 1Password for many years but switched to Bitwarden prior to Apple’s release of Passwords. I’ve had it installed it since its early releases (when it was free) on both my wife’s and my computers (my iMac, iPhone and her iPhone) and have been perfectly satisfied. I haven’t regretted the switch, and Bitwarden has continued to add features and refine its tools. Check it out.

I suspect you’re tracking the removal of Rosetta in macOS 28 given that PSE 2021 appars to be Intel-only…

Are you certain about that date? I was using 1PW6 and taking my time purchasing a perpetual license for 1PW7. When I finally got around to it the perpetual license was gone and it was subscription only. And this was long before 1PW8. I wish I could find the emails (and dates) of my conversations with AgileBits about this change.

Also, the perpetual license was a hidden option that took a bit of sleuthing to find.

So I am using 1PW6 on Sequoia because it still works…but am transitioning to Apple Passwords. I hope Apple adds more features in future versions.

When it goes away, I’ll have to upgrade. I’m not too concerned, because PSE isn’t very expensive, but Adobe no longer sells PSE with a perpetual license, so I’m going to put this off for as long as possible.

Adobe claims that Elements is not a subscription product, but only because there are no periodic payments after the initial purchase. But the license (and therefore the software) expires after 3 years. The fact that you can’t renew for any amount of money but are forced to buy the new version is actually worse than a subscription.

If Adobe doesn’t wise up by then, I may just decide to switch to something else. There are plenty of options. I primarily stick with PSE because it has great integration with my scanner software (SilverFast), allowing me to scan directly into an editor window without creating temporary files. But if they tick me off enough, I’ll change my workflow just to spite them.

That’s my favorite model.

I’m happy to read this discussion (on the ever-valuable TidBITS Talk forum). Like several others, I’m running an ancient 1PV6 family license (perpetual) on my family’s cluster of 3 Macs, 2 phones, and an iPad… and I’m kind of holding my breath, waiting for an upgrade to break our time-worn setup. We still sync everything via Dropbox, just like the good old days, with no reliance on 1P’s cloud service. It’s all worked flawlessly – we’ve used 1P since V2 – and it still feels secure.

I’ve had my eye on Bitwarden for a couple of years and have begun been recommending it to friends and family who are still password manager holdouts. The primary concern that keeps me from converting to Bitwarden is its open source nature. While that would generally be a strong positive factor for me, with security on the line I have to wonder how easy it would be for a bad actor to infiltrate an open source project in order to compromise millions of users’ carefully-guarded data.

Your thoughts? (Am I unnecessarily worried? …or worried about the wrong things?) Thanks in advance for your considered opinions.

I am sticking with 1Password, for a few reasons:
One, I don’t trust Apple software with something so sensitive and important.
Two, if you do need help, Agile-Bits will be available to help directly. Try that approach with Apple. Three, as Adam points out, 1PW still provides more features than Apple’s Passwords, and finally, Apple offers too little, too late. Apple has lost the “race” for this market, in my opinion.

And for today’s experiment, I am trying out Bitwarden. So far so good, on Mac, iPhone and Linux Mint.

Then there are those like myself where 1Pwd8 WON’T run on our Macs but STILL will not get any updates. Since the company has decided to reorient to business users, they seem to be depreciating those pesky individual users who ARE the basis for 1PassWord’s success.

I use BitWarden on my work machine. I think if I wasn’t invested in 1P, it is what I’d use at home too.

The price is reasonable: you get a lot of functionality for $0, and the extra features for $20/year or $48 for families.

My biggest gripe with Bitwarden is that they don’t have a central service running on the machine, so you need to sign in separately in each browser. Chrome updates? Sign in again. Firefox updates? Sign in again. Logged out or restarted? Sign in everywhere again. Maybe this is just me because I run multiple web browsers.

If that annoys you too, vote for https://community.bitwarden.com/t/shared-unlock-state-login-to-browser-extensions-when-logging-into-desktop-app-and-vice-versa/1635/1

I’ll stick with 1Password. You get what you pay for. I’ve been a happy customer since 2007. They have pretty good support, although it is email. I’ve been tempted to use Apple’s Passwords. But, I care not to have all of my eggs in one basket at this time.

Just to comment on Vaults, I did the export/import cycle to Bitwarden again and wanted to preserve my vaults as best as I could. (I’m going to decide pretty soon whether to stick with 1P or switch in a few weeks.)

Just as a tip, what I did was I tagged all of my items in each Vault with the name of the Vault in 1Password. So, for example, I am the chair of a non-profit organization called SLLT, and all of the passwords, secure notes, etc., that I use for that organization are in a Vault. I tagged each of those items “SLLT” (you just need to tag one, then select the rest and drag them to the tag in the sidebar, to do this quickly). I also have tags for “Default” and for a couple of organizations I also work with.

Then I exported the 1P data. When I imported into BitWarden, it created a folder for each of these tags, so all of my SLLT items are now in their own folder.

It’s nowhere near there same as a vault, but at least things are organized.

I’ll spend the day creating second passkeys for all of the sites that have passkeys stored in 1Password (by the way, that is a great feature of 1Password - you can get a quick listing of all of those logins. So far I can’t seem to search BitWarden for any passkeys already created.)

[edit: A bit of searching found that you can use the BitWarden command line interface to search for which entries have a passkey stored: Find passkeys stored in vault - Password Manager - Bitwarden Community Forums].

While that would generally be a strong positive factor for me, with security on the line I have to wonder how easy it would be for a bad actor to infiltrate an open source project in order to compromise millions of users’ carefully-guarded data.

More generally, I wonder about the security of the different password managers. Even if the people developing the software have the best intent, it’s really easy for subtle problems to make it into a product. When I last took a look at the various password managers awhile back, I noticed most had had very few security audits done by a third party (or at least published the info on their websites), and usually, they only audited one version of the software. AgileBits, to its credit, had audits done fairly regularly, and the company had tested both the Mac and Windows variants of 1Password (I don’t recall if they audited the Linux version).

You’re correct—1Passwword’s perpetual license disappeared in June 2021, before the release of 1Password 8.

These months I am thinking of moving to 1Password or Bitwarden from Apple Password.

Apple Password is great enough for me, but my MacBook Air is almost 7 years which can only stay on macOS 14. I switched my browser from Safari to Firefox so third-party will be better for me.

Even though I can mainly use my iPad Pro my main driver, and although I can be careful when unlocking my device with passcode when it requires, I don’t think it’s a good idea to use Apple Password especially when Stolen Device Protection has not yet introduced on iPad and Mac. If I have third party apps, I can decide where my passwords should stay while Apple’s allows one click.

Yesterday I installed Bitwarden again, strange I don’t think their interface is as bad as before. Maybe they refreshed it (although 1Password is better). The deal breaker for me is that their vault health report is available only on the website, which is not useful because I need to take action asap when they find something unsafe.

No one can accurately foresee the future, but in my own case, 1Password is still working well (I know others may find it bloated), and yes US$47 is a bit overpriced, but I think if I should spend time and money in saving some amount for cheaper services, because it is not as evil as Adobe, which has ridiculously expensive plans with cancellation fees. There are many things more desperately waiting for me to save too!

I need a computer to save my time, but not spending more time on it.

I am not crazy about the price increase, but I think that, on the whole, 1P does a great job. I’ve been using it for years, and a modest increase in their licensing fee isn’t going to make much of a difference. If I weren’t currently committed to a password manager, I’d use the built-in Passwords app. Otherwise, I’m going to stick with 1P.

Understand that I would not be comfortable with this, but 1PW’s solution to this would be to set up an account and use their Web portal that provides “all the functionality” of 1Password without needing to use a local client at all.

My “ancient” 2012 iMac which I keep around for opening certain files will not run newer version of 1PW. In my opinion some of the vulnerability issues that later versions patch are theoretical threats but I’m, um, not that worried about them.

Have you looked at MacPass? While it is version 0.81, it works with KeePass databases and will run on High Sierra (MacOS 10.13) or later. KeePassXC requires Monterey (MacOS 12) minimum. One question is can either of these the 1pif file exported from 1Password?

I’d say that in widely adopted software, where millions of people are users, open source code can be more secure than code that relies on “security by obscurity”. The more people that are using and testing a product regularly makes it more likely flaws and weaknesses will be found.

A classic framework for thinking about this, if you’re interested, is here (don’t worry, the link below points to a section of a blog post that doesn’t take 35 minutes to read):

Thanks for your helpful reply. I’m rethinking my biases…

Open source does not automatically mean more secure;

TL;DR

The “open source means more eyes on the code” argument sounds great in theory. The idea is that everybody can see the code and catch problems early - perhaps before they get released. But is it really better in practice?

Take the xz package backdoor from 2025. xz is in use by almost every Linux distribution. It’s open source.

xz was maintained by 1 unpaid developer who needed help to keep this project going. The original maintainer added another maintainer to the project. It turns out that second maintainer turned out to be not so trustable as he introduced a backdoor into the package that provided privilege escalation. It probably would have been a severe vulnerability if it shipped.

Nobody performed any additonal review of the code before it was committed. It wasn’t reviewed for security flaws before distros picked it up. It only got discovered when a user who was running a development version of a distro that included this package noticed something funny going on. He reviewed the code, and worked with the original maintainer to stop this compromise.

But we came very, very close to a very nasty remotely exploitable vulnerability being broadly released into the wild. And nobody would have known until after the fact. Just like we do today. Just like what happens with closed source software.

It’s caused some serious conversations about how critical pieces of the open source infrastructure are being maintained and reviewed.

Yes. I’ve agreed with that for a long time; that’s why I wrote “can” above.

For anybody interested, here’s an article I’ve linked to on other discussion boards in the past:

Another vulnerability of the open source model is that low level, “boring” functions do not attract much attention or updates from coders. Plus, as you said, there are no clear lines of responsibility or accountability. For example, if I recall correctly (I can’t search for the specifics right now), there was a web-wide security problem that escaped detection for years because it was tied to a flaw in a time of day lookup routine that nobody had any interest in reviewing…including the person who originally wrote the code.

Actually, the code was reviewed by many people. But this person was extremely sneaky and slipped the back door in via files nobody typically reviews (the data files used for the build’s automated self-test).

Coincidentally, Veritasium just posted a video talking all about this exploit:

The experts interviewed in this video maintain (and I agree) that this is not a fault of open source as a concept. Back doors can be and have been slipped in by untrustworthy employees and contractors for major corporations as well. And with a closed-source product, it would be impossible for any outsider to fix the problem before doomsday.

And thanks to this incident, the communities responsible for Linux distributions are much more careful than they have been in the past.

I recall in the “bad old days” of mainframe computers, there were no shrink-wrap licenses. Instead you paid big bucks and signed a license agreement with a representative. Which means your cost included the pay of that representative and either their travel time or more indirectly your own. There were also maintenance agreements you couldn’t really do without lest your software stop working every time a minor change was made to either your machine or OS. So really not all that different from software subscriptions. I hate them too, but until AI takes over, developers have to be paid.

If Passwords provided the features that 1PW has and I use…switching would be a no brainer. But…it doesn’t, Secure Notes is a big one for me and I have never seen any security evaluation of the locked note feature in Notes so that’s a no go. I’m personally still on 1PW v7 with the subscription…but at this point all the no go features in v8 have=e been resolved…but I’m going to use v7 and DripBox until it quits working.

Ditto except standalone. With my iMac maxed out at High Sierra, and my MBP maxed out at Monterey, Apple’s Passwords.app isn’t available to me, plus I also use 1Pwd7’s Secure Notes. I’d like to see if there IS a way to use Apple’s Passwords for secure notes by maybe creating fake logins. I also use the Software Licenses category of 1Pwd; does Apple’s app have a similar capability?

I was using password safe and that worked fine. Got lazy and went to iOS Passwords, not as easy to use but with password history being there now it is really decent.

1Passwords is not worth it if you are thinking to try one out. Just use the free open source password safe. It has the same features over 10 years ago.

The reason the author ended nicely is because they got a break and continue to pay legacy price. For the nice price it’s for sure not worth it.

I didn’t see a MacOS version; only Windows & Linux.

I used 1P until it went subscription, and now use Apple Password as my needs did not require the extra features of 1P. The lengthy constructed passwords by both 1P and Password are a nuisance when logging into a service while using a computer/device that is not yours.

The strong, long and unique passwords, created by password management software, do not count for much when they are hacked or stolen from a company or organisation to which you have given your strong, long and unique passwords when setting up an account. Not much stealing or hacking happens at the home computer.

A real issue is trying to get a company or organisation to delete your account together with your details and password and to be out of hacking range - to paraphrase Seinfeld “they take your password and they keep your password’.

I dropped 1Password many many years ago when they did something similar. A security expert at a company I then worked for advised me to look at Secure Safe ( Business cloud for documents & passwords | SecureSafe Bundle ), a Swiss based company (which is a plus for me as a European). They have an app for iOS/iPadOS and a browser plugin for Safari. Works cross platform too (but I have no experience with non-Apple platforms). They have several plans, starting with free with limited use. I have been using the Secure Safe middle plan for like forever and pay about € 18/year now. I can recommend it without hesitation.

This is simplifying things a bit, but a proper service for which you set up any password never stores the actual password - they store a hashed version. A hash is a one-way easy to compute cryptographic algorithm that reduces the data entered to a fixed set of bits; a proper hash will have about half of the bits change if you change one character bit of the password. You cannot reverse the results of a cryptographic hash. Hopefully they will store a salted hash, which means that they add a random bit of data to the password you enter, unique to each account. Then, each time that you try to log in, they compare the hash of the password you enter to the hash that they have stored for your account.

Not that everyone has always done it this way, which is why passwords have been breached in the past, but everyone should be doing it this way by now, and should be offering to use passkeys instead of passwords very soon, if they are not already.

So, long and random passwords do matter because if account data is hacked now, the only way to derive someone’s password is to guess it, or, for hashes that are not salted, figure out the hashing algorithm and compare the hash to some pre-computed hashes of commonly-used passwords, and the longer/more random the password, the longer it will take to guess the password.

I know that they are supposed to do as you suggest (and do it with other methods such as PAM et al). But many organisations don’t and I’ve found many don’t have any clue or are reluctant to incur the expense, particularly smaller companies. As well, offshore storage is difficult to supervise and enforce. I was really making the point that password managers have a limit, and that limit is not caused by the password application. I do take notice of your points posted.

I’m a happy Proton user overall, but still use 1P for passwords (inertia, mostly). I just took a quick look at Proton Pass and it seems to check all of the boxes including functioning on multiple platforms, attaching files, support for credit cards and personal documents, etc. It’s well reviewed in general and Swiss-based which has some advantages, too. Anyone out there have experience using Proton Pass? How does it function in Safari, Arc, Brave, etc?

What moved me away from 1Password was their move to cloud storage. The subscription model bothered me, but the cloud approach was the deal-breaker. And that was a while ago. So now I don’t care how much 1Password raises its prices.

Thanks, Adam, for doing the work of comparing 1Password with Apple’s Passwords.

Over the many, many years I’ve been embedded in the Apple ecosystem, I’ve never regretted avoiding reliance on Apple’s own software. Back in the day Me.com could not keep two folders in sync across the internet. Thank goodness for Dropbox. I could list lots of passwords with Apple’s Keychain Access. But it was a no-brainer to move to 1Password. And when my photography hobby got serious I opted for Lightroom instead of Aperture. Thank goodness.

I suppose I should forgive Apple its bad track record, but I’ve got until next January to decide whether 1Password’s price hike is worth it. It’s not an unreasonable price increase, but I’m scrutinizing all my myriad subscriptions pretty closely these days and may find myself migrating to Proton Pass.

Not me for now. I’ll stick with the 1P family plan. Been using 1P since 2007 or earlier, just with Apple products. Good support, and I like the syncing between my Mac and iPhone.

I don’t understand this. From the very beginning I used 1P via Dropbox so that my passwords would sync between all my devices. Any password manager that doesn’t sync is useless to me (though I suppose someone without only one device wouldn’t care).

Are you worried that 1P’s cloud is a security risk and you’d prefer to use Dropbox or another cloud service? Or are you anti any cloud service? If so, then how do you sync between devices?

Well, in general I don’t trust ANY cloud. I do use iCloud password synching, that’s the cloud I distrust least. But I was just fine with having to re-enter passwords on each device.

A great deal of stealing and hacking happens on personal computers, both home and office.

https://www.forbes.com/sites/daveywinder/2025/02/24/hackers-share-39-billion-stolen-passwords-what-you-need-to-know/

Password managers do try to mitigate against infostealers, with varying degrees of success.

Salted/hashed password storage has been best practice since at least Unix System V which was released 43 years ago. Still, it’s surprising how many sites/systems still store plaintext passwords. A giveaway is when a site limits password length – a hashed password takes up the same amount of storage regardless of the length of the original password so there is no reason to limit lengths to anything less than hundreds of bytes.

Cloud storage is not necessary for sync. Peer-to-peer sync systems used to be common, but we seem to have forgotten about them in our cloud-crazy world. The prevalence of NAT routers didn’t help. I’ve used Resilio Sync (on the free tier) for reliable peer-to-peer, platform-agnostic syncing for years.

No, I would have continued to pay for 1Password at the higher price too. The features are worth it for our use cases.

Maybe. It could also be a function of the cipher/hash. For instance, in old Old Days, Unix systems would use DES to generate the hash - encrypting a well-known string using your password as the key. Since DES only supports 8-byte keys, your passwords would be truncated to 8 characters.

Which is why you should only use a service where your passwords are encrypted in a way that prevents the even the password-provider from accessing your data without your master password (which you should not sync anywhere).

The good providers should document their algorithm For example, here’s the Firefox sync algorithm.

Any good system should encrypt your data locally, before it is transmitted to the cloud server, and they key should never leave your computer. Any system that does this (and doesn’t have a critical bug, of course), should be equally secure, as long as your local passphrase is kept secure.

It’s one of the things that makes choosing software difficult. I’m a VP of technology, and it is shocking how often we encounter interesting tools that we would be happy to purchase or license, but upon performing our due diligence, it becomes clear that security wasn’t even a design consideration for the product.

FWIW, this is particularly true for smaller developers and startup firms, but at least there is a good chance that they will take action when a credible prospect avoids or delays purchasing until the problem is addressed. In some ways, it can be a lot trickier to evaluate well-known platforms and apps.

There is a notes section but it doesn’t have any of the formatting options that 1PW does and there’s no indication how long they can be. I don’t see a way to create categories either (at least on the iPad version I just checked on). The app is good enough for basic passwords but for any more complex user case it is lacking…but then it’s a 1.0 version.

Locked Notes is another option…but I have not seen any security evaluation on that so it isn’t an option for me

A great deal of stealing and hacking happens on personal computers, both home and office.

Well, Macs are of course not completely immune to hacking, but I suspect the rate of compromise on home/office Windows machines is greater than the rate on Macs. The proxy I’d use for that is reported vulnerabilities, and particularly vulnerabilities that have been exploited, on Windows compared to Macs.

No disagreement here, but when you review statistics of compromises, you need to associate the stats with time frames and/or particular Windows releases.

Back in the days of Windows 2000 and XP, it was pretty much a free-for-all. Today, it’s much better.

I won’t say whether modern Windows 11 installations are better than contemporary offerings from Apple and the Linux community, since I haven’t reviewed recent statistics. I just want to make the point that you shouldn’t use Windows’ historic lack of security as the basis for assuming a similar lack of security in current versions.

A note can be up to 4096 characters long. I had a large amount of text generated, and pasted it into a Password note. Then I copied the note into Microsoft Word and used the Word Count tool to give me the result.

Sounds like they just took Keychain from MacOS and made it an app.

You have a point, BUT: any company that thinks it is a good idea to make screenshots every few seconds to index what the user does (Windows recall) deserves a little bit of distrust (IMHO).

I just checked the Keychain Access App on MacOS 26.3 and it does have a Secure Notes tab, if that’s is a suitable supplement to Passwords for those who need the feature.

It did pop up a couple of dialogs trying to get me to use Passwords but they had the decency to include a ‘don’t ask again’ checkbox.

I’m still on 1PW 6.8.9 and it suits my needs. Haven’t even opened Passwords .

I’m still using 1Password 7 as I hate the “rent a program” plans that have changed software purchases. When 1Password 7 finally breaks, I’ll need to make the choice to stay with it or switch to Apple Password.

My question though, is what am I risking by staying with a software program that is no longer supported. I’m storing my vault in my iCloud account after an apparent break-in into my Dropbox account.

So Apple has TWO password manger applications now? Keychain Access & Passwords? I figured the latter replaced former. So if KA has a Secure Notes, I wonder why Passwords doesn’t?

Eric, 1Pwd7 still works fine on Sequoia 15.7.4. I’m updating to 15.7.5 and will have to see if it still does. Update: yep, it still works.

Keychain Access isn’t really a password manager. Keychains track all kinds of security-related data, including passwords, secure notes and certificates.

As a password manager, its user interface is pretty tricky. The Passwords app accesses the same data (only the passwords in your keychains), but presents it in a far more useful way.

As strictly a Mac guy, I agree wholeheartedly that Passwords is all Mac users need. It’s seamless and partners nicely with iCloud’s mail’s Hide My Email

Though I’d share this article I came across recently about a weakness in password managers in general that stores their vault in the “cloud”.

Cool idea about hiding some vaults when you travel!

In 1P, I find the Vault < > User mapping very handy for my family. I can put things in a shared vault that I want all my kids to be able to access. As my kids move into adulthood, I can move passwords I’ve managed for them into their own vault and they can instantly access them. I can also update their items: eg, their Passport data is valid but they need a copy of it; so I scan and upload, and now, 100 miles away at college, they have it, all through a secure channel.

Meanwhile, they can have a private vault that I can’t access.

Also, the ability to share an individual entry securely is nice. “Dad, how do I get into Netflix??” Done.

Also, someday when I pass, my kids will not be clueless about how to access my passwords.

These are big drivers for me.

Ah…that wouldn’t be enough for some of my secure notes.

I also have a legacy “Families Launch Special Plan,” but this price-hike miscommunication has made me reconsider whether I can prune a subscription fee now that Apple Passwords has matured. The main obstacle for me is that Apple Passwords doesn’t support many of the different categories of items I store in 1Password, but it seems I could manage them in the UpLock app (formerly Access), which appears to support everything except Logins (which would go to Apple Passwords) and perhaps standalone password items (which I might need to convert to secure notes). Uplock offers a free trial as well as subscription and lifetime pricing options for both individuals and families. Worth a look. (I have no link to the developer and have only recently discovered the app.)

Oh, and for those who mentioned the need to recreate PassKeys, apparently 1Password on iOS (and maybe iPadOS too) supports exporting PassKeys via the new Credential Exchange Format (CXF) standard. I’ll be testing this route for migrating logins/passkeys to Apple Passwords, and 1PUX/CSV for everything else to Uplock.

So far, this support is merely announced. Apple announced that Passwords would support it in the 26 operating systems, and 1Password (and I think Bitwarden) have also announced support, but the standard is still being finalized.

[edit: I may be wrong about this; it may be that you can do this only in iOS. I will test this later. When I tried to do this last week, I was using MacOS.]

I think I posted this before: with 1Password you can search for Passkey and see all of your logins that have passkeys defined, and then create new passkeys for those sites in Passwords. It’s a bit of a chore to do: have the 1Password extension turned on with Passwords autofill turned off, log in to the site with the 1Password passkey, turn off the 1Password extension and turn on Passwords autofill and reload the page, then go to the security settings for your account and define a new passkey and store it in the Passwords app.

That looks interesting! I may try this out myself.

I’ve been using Bitwarden for a couple of weeks now and I don’t think I’ll switch from 1Password to it - it’s just not as feature-rich as 1Password, and I can’t seem to get unlocking with fingerprint working on MacOS, so I’m typing my password more than I like. I’m still considering switching everything to Passwords and was going to store everything else in Notes using encrypted notes, but I may try UpLock instead.

I was wrong about this - it works really well on iOS. Open the 1Password app, tap your account icon top-right, Settings / Advanced / Start Export - it asks you to enter your account name and hit a button to approve, then prompts you for the app to export to, and then the Passwords app will spend some time importing the data.

I need to go through everything that was imported, because I have a few shared groups, but it all looks good so far.

I simply refuse to financially support a company that justifies its subscription and price increases in part by touting its technical support when my personal experience with AgileBits is among the very worst computer hardware/software customer service of my life. . .

I’ve always received help with 1Password when I needed it. However, since my iMac can’t go past High Sierra (10.13.6), I still use 1Pwd7. Fortunately, it also still works on Monterey (12.7.6), Sequoia (15.7.5), & iOS 18.7.x on my MBP, MBA, iPhone & iPad Minis respectively.

Even 1PW6 works on Tahoe but the Mini function seems to foul things up so I turned it off. Browser integration also not but I’ve gotten used to copy pasting.

Need to find out how to put a compatible variant of it on iPadOS 26. Have an older funtional syncable copy on an older iPad, I think I read there is a way to use iMazing for this but need to dig around.

I need the ability to share passwords across multiple Apple IDs; I don’t think Apple’s Passwords can do that. So will still have to pay the 1Password tax.

It can! You can create shared password groups. I think it works with passkeys as well. (I haven’t tried that yet.)

See Share passwords and passkeys with people you trust on iPhone - Apple Support

The main obstacle for me is that Apple Passwords doesn’t support many of the different categories of items I store in 1Password, but it seems I could manage them in the UpLock app (formerly Access), which appears to support everything except Logins (which would go to Apple Passwords) and perhaps standalone password items (which I might need to convert to secure notes).

That looks interesting! I may try this out myself.

I’ve been using Bitwarden for a couple of weeks now and I don’t think I’ll switch from 1Password to it - it’s just not as feature-rich as 1Password, and I can’t seem to get unlocking with fingerprint working on MacOS, so I’m typing my password more than I like. I’m still considering switching everything to Passwords and was going to store everything else in Notes using encrypted notes, but I may try UpLock instead.

UpLock is the perfect companion to Password. I exported all the thousands 1Password entries I had to both Password and UpLock, and, as expected, all the password entries went to Password and all the non-password entries went to UpLock.
With some refinement by hand (while keeping 1Password passively around for a while as a backup), I am now completely free of 1Password, and I don’t miss anything.
—e.

Yes, I’ve tried out Uplock as well and decided to stick with it. It’s not perfect, and I still have some reviewing to do to make sure it brought everything over. Some field names were not correct, and I liked having sections in 1P to organize my custom fields, and I liked using Markdown in notes and custom fields as well - so those items look weird in Uplock, which doesn’t seem to render Markdown.