1Password 8.7.1
AgileBits has issued a maintenance release for its recently upgraded 1Password password manager, now officially at version 8.7.1 following its recent jump from version 7 (see “1Password 8.0,” 9 May 2022). The release now dynamically adjusts menus and keyboard shortcuts based on the currently selected item, allows the Universal Autofill feature to fill information in the DuckDuckGo browser, includes information in diagnostic reports about how frequently the SSH agent prompts you to authenticate, speeds up the process of importing 1Password account credentials from iCloud Keychain, resolves an issue where the password history button wouldn’t work when viewing an item in a new window, corrects an issue that could cause high CPU usage when your Mac wasn’t connected to the Internet, and removes a potentially offensive word from the password generator word list. ($35.88 annual subscription from AgileBits—TidBITS members setting up new accounts receive 6 months free, free update, 2.9 MB installer download, release notes, macOS 10.15+)
It’s subscription-based annually or monthly?
Also, I hear rumors that vaults are in the cloud not stored on my Mac’s HD. Is that true?
Yes. (Meaning that it can be either; paying monthly pays more, assuming that you use the app for 12 months.)
Not really true. Vaults are cached locally, so they work if you are disconnected from the internet. But there is no File | Open command to open a local vault - you must have a subscription to open a vault/multiple vaults.
The last few days, I’ve been working with an AgileBits tech on problems with 1Password for Mac 8.7.1 (the most resent release) not autofilling in Safari Version 15.5 (17613.2.7.1.8) - the most recent version, in Monterey 12.4 (21F79) - the most recent version. Had this problem as soon as upgrading from 7 to 8.
So none of my Macs say v.8 is available for download as an update (all still have 7.x). Are they sandbagging the rollout, or do I have to explicitly go download it from the website?
Same. I explicitly downloaded it. In fact, the iMac where I didn’t download it just got another update on Friday to 7.X (7.9.5 IIRC.)
Yea, I mean the App Store still has 7.X and no trace of 8.X. Seems almost like they’re still treating it as beta?
1Password for Safari?
On another note of confusion, in spite of discussions I’ve had with AgileBits, I still don’t get why they have a separate product “1Password For Safari”:
And then there’s the Safari Extension. When they’ve had me troubleshoot, the steps involved in enabling/disabling and installing/uninstalling has left my head spinning. Not to mention the fact that the 1P when you log in via Safari seems now to be completely disconnected from the app (eg, I may have logged into one, but I’ll still have to log into the other). Seems to just be getting worse with time and they don’t seem to care.
And here’s what you have in Chrome:
How do I choose?? And this is after you select 1Password > Install Browser Extensions… which only takes you to Safari. Did it do something for Chrome at the same time? If I do that, do I still have to choose one of the options above, too?
It’s a total cluster of confusion.
Right, and then I copied the URL from Safari and pasted it into the address bar in Chrome (and Firefox) to get the proper extension.
It’s rare when I need the app actually open. I just use the control that shows up in the userID and/or password fields in Safari almost every time.
And that’s the way it’s supposed to work. But very, very often (most of the time?) that is broken. Clicking on it does nothing. I reached out to them a number of times over the years before they finally admitted it was a known and ongoing issue:
They claim 1Password 8 and the Safari Extension are supposed to be better at handling this, so I should probably withhold further judgment until I try that out. But I figured there was a reason they hadn’t pushed it to me yet (or sent an email, or presented it in the App Store, or anything), so I have not explicitly installed it. I don’t need, for example, my password database getting corrupted because there are known issues.
By the way, I could have sworn that early on, 1P provided some type of non-Safari extension management. Either at installation time it detected or asked you to indicate which browsers you used and then helped manage the process to getting their extensions up to date. For some time now, they started this “Safari only” advertising, and you have to do tricks like you described to get Chrome updated, noting the confusion even there that I posted above.
Anyway, I will reach out to them and ask what the story is with 1P 8 and let you know what they say.
Well, when you open preferences in 1Password and click “Get 1Password for your browser”, it just opens your default browser, which is why it is opening Safari for you. When I changed my default to Chrome and clicked the button it definitely opened the link in Chrome.
Not sure what you’re referring to. The closest thing under Preferences is this:
which is not what you describe. Perhaps this “Install Browser Extensions…”?
And that’s what takes me right to Safari, my default browser. But what about Chrome, my “other” browser? It says “extensions”, not “extension”. And like I said, it used to manage setting up 1P in all your browsers, not just your default.
Anyway, waiting on a reply from 1P about 8.X.
I thought you were running 1Password 8 (based on the subject line.) They’ve replaced the “install browser extensions” in the 1Password menu with a setting in the browsers sections of app preferences. But I still have version 7 on my iMac, I just tried the same change of default browser to Chrome, and hitting “install browser extensions” opens the page in Chrome, just like with 1Password 8.
It’s available as a separate download from their site…I don’t see it on either the Mac or iOS app stores though…so no idea how you get it to those devices yet. Not an issue for me as v8 is fundamentally broken for me…removal of several features I require. Like many…I will stay with v7 until it breaks…and at that point I’ll either shift to something else that supplies those features (DropBox, doc attachments and backup/restore capabilities)…currently that’s Enpass as the top choice…or to Passkeys or iCloud Keychain or Apple’s Keychain assuming that they were to add the doc attachment and auto password entering from keychain (not from Safari stored passwords) capabilities.
I would go back to Password Wallet which I eliminated as a 1 man shop, no browser plugin, and their auto fill procedure is horrendous IMO before I went to 1PW v8 in it’s current form…and 1PW the company doesn’t care about the features and capabilities they removed…their long term answer on their forums since September or so has been “true us…our way is better and we’re not giving those features you require back”.
Lovely.
Can you provide a quick summary of what was removed?
So it seems I was right that they’re “staging” 1P 8 rollout which is why it’s not pushed to the App Store, etc. From their Support Team:
They say it’s to manage the load on support (but they’re still fielding support requests from 7.X users, so I’m not sure I buy that). More likely, they don’t trust it yet and they’re using early adopters as guinea pigs and hopefully getting things fixed along the way. And maybe they’re trying to add back features they apparently yanked before more people cry fowl after upgrading.
Running 8.X now on one Mac; we’ll see what happens.
Local vaults, standalone license (i.e., subscription only and the stand alone license for v7 was hard to find already), no cloud option other than 1PW servers, and local backup/restore capabilities. Also…at least in the two beta and one released versions I tried…the app didn’t really look like a native macOS app since it is in Electron but I don’t use the app much on macOS so that’s a pretty minor issue at least for me…but beyond the look and feel v8 just didn’t work right…or at least right as I define right.
I could really live with everything else…and I already have a subscription which is one of my many backups of my 1PW data with v7 but would prefer a stand alone license myself…except the no local/user controlled backup/restore routines to a location of their choice and that one is both a deal breaker and something they’ve said on their forums won’t be fixed because their new and improved and better algorithm can’t or won’t do and they aren’t interested (or maybe weren’t interested either then or yet, can’t remember the details exactly). The decryption happens on device in some sort of MySQL or some other database as I understand it…but unless you’re a DB guru then doing a backup or restore from there is a lot of command line stuff that most mortals don’t know how to do. But as a long time IT sysadmin and computer security guy…the idea of having my only backups out somewhere else I have no control over and that they haven’t to my knowledge explained anywhere gives me the heebie-jeebies. With full time sync…a corrupted database on any of my devices or their’s wipes out all the other copies essentially at the same time since corruption in the encrypted blob is just more encrypted blob to the sync engine…and without the capability to restore their own copy of their own data from last night’s backup that just fails the 1, 2, 3 backup scheme that so many security pros including myself believe in.
I’m not going to say v8 is a bad product…just that it’s a bad product for me. If one is willing to live with what I consider as deal breaking issue then I would say go ahead and use it if you want but I advise against it. Others mileage may…and does…vary and at least several posters here are perfectly happy with it…to which I can only respond OK for them.
I’ve been happy as a clam with the product starting with v3 or maybe even v2…but the company has changed and IMO their business model and focus has changed and that’s not a good thing for individual users.
Thanks for those details.
Owning my own data is important to me, too. But jumping ship right now is a massive project that I’m not prepared to tackle right now. Reminds me of when I had to switch from Quicken (and many years later, BACK to Quicken). Weeks of prep I’m not eager to take on. I only recently got 2 of my kids trained on how to use our Families subscription, and that remains a challenge.
I’m hoping in a couple years that TidBITS will have an article showing a much greater adoption of one of the more open solutions as well as a smooth migration strategy to get there from 1P…
Jumping ship to Enpass…which is where I would go if I was doing it today…is pretty straightforward from my testing and reports of others. However…I’m just sticking with v7 for now until it’s either cancelled or quits working under whatever comes after Ventura as I think that one will be fairly safe that v7 will still work. Assuming v7 is no longer an option then there might be something better than Enpass by then…like a keychain that provided sufficient features.
My problem is kind of resolved. I frequently clear Safari’s history. This apparently is a known bug in 1Password 8. The workaround is to quit Safari and then restart it. Which is not a big problem. The only thing is you get a " New sign-in" email from 1Password every time, which is not a problem at this time.
I still liked the way 7 worked. With 8 you have to work with the 1Password icon in the Safari toolbar to get it to autofill. It’s an extra step.
If you grant Accessibility access to 1P8, Cmd-\ autofills fields. See Use Universal Autofill in apps and browsers on your Mac | 1Password
Having used 1P since v1, I have accumulated way too much crud in my vault. In spite of a valiant cleaning attempt 6 yrs ago I still have over 800 active items and 200 archived. Where are you Ms Kondo??
While I appreciate that getting a new manager would offer me an opportunity to thank many of the items for their service, I know that I will look the “Import All” in the menubar. So I intend to use v7.9.5 as long as possible.
I have looked at others. Bitwarden and Dashlane I disliked. My current front-runners for when 1P 7 dies are Enpass, Secrets, and Minimalist. Purchasing a manager is a $50 to $80 investment which offers another excuse for procrastination. As I very seldom find myself in front of a non-Apple device, Minimalist is my current favorite. It may not be widely used, so I have difficulty finding useful reviews, but in my several months of ( limited ) testing I have found it satisfying.
Really though, I am hoping Apple finally gets round to providing a decent password and secure file manager in the OS soon, i.e. before 1P 7 becomes unusable.
I did not find those before…will check them out. Like you…I have lots of old dead ones but…mostly…I’ve added do not use to their titles so would be relatively easy to archive those before moving. Maybe…although I’m not holding my breath…they will fix v8 with the addition of removed capabilities.
Here’s hoping Passkey comes to pass (bad pun acknowledged). 1Password does many things well, but it’s been getting more complicated. Probably mostly the fault many security measures being implemented by websites and Apple. Non-native app, not sure of the impact. 1P and KeyChain step on each other. That is to say, 1P is getting painful because it doesn’t work well on many sites, doesn’t open when it should.
1P was barely working on my M1 MBP until it updated to 12.4. Got better but still painful.
I’m with you now, Neil. I’ve been with 1P since the beginning and I have accepted the subscription model as well worth the yearly cost but there is NO way I am going to trust AgileBits or any other co. with storing my entire database of passwords in one single storage place in cloud! Wouldn’t it be the height of irony if it showed up in their “WatchTower” one day! LOL not LOL.
I’ve downloaded Enpass and will be ready to export/import to it whenever 1P v.7 is nearing EOL. Unless/until you report finding a better new solution than Enpass.
I see the complaints about the upcoming cloud model are still raging on AgileBits own user forum.
The only issue I see with the cloud storage requirement of 1P is that we don’t know how resilient their cloud is. The ability to export would help mitigate resiliency but not including it is a head-shaking omission.
As far as data leakage, I’m not concerned with storing passwords in the cloud as long as it’s encrypted with a strong algorithm and a key that only I hold. I figure if that’s good enough for my customers in the financial services industry, that’s good enough for me.
AgileBits can’t see my data and it’s very very very unlikely that anyone will get access to my information should AgileBits somehow get hacked. The same applies if someone hacked my computer and exfiltrated my local password database.
Yeah…it isn’t the storage in the cloud that bothers me…it’s the storage in the cloud that they’ve provided zero explanation as to how they handle redundancy, backups, restoration, multiple data centers and the like. I’m pretty sure that they actually have decent processes in place on their end…and that 1PW the company has sufficiently adequate backups for 1PW the company.
But as anybody who’s ever been in IT or who believes in the 3-2-1 theory of backups…relying solely on 1PW the company’s backup routines whatever they are is insane. If they provided the ability for an automatic daily backup to a place of the user’s choice…Dropbox or the user’s computer where it will get Time Machine backed up and whatever other backup routines the user has…then most of the griping would go away. The older v7 has this capability and IMO it was deliberately removed in v8 as part of their whole forced subscription plan driven by the make money attitude of their new VC masters…they have said that they retain control of the company…but if the VCs own 49% or even 20% then the VCs have seats on the board and the company isn’t going to go much against the wants of their partial owners. I’m actually just fine with that…their company they can sell if they want…but removing user used features in support of that goal just goes against all common sense backup and data recovery ideas.
They’ve said over on their forums that because of their secret key and your master password that only their cloud will work…and that just seems pretty ludicrous to me unless they deliberately designed the system that way…and that gets back to money and profit and all that.
Like you…I’m not concerned in the slightest about somebody getting ahold of my encrypted data from either 1PW’s servers or DropBoxes or iCloud’s or whatever…it’s encrypted so no big deal. They claim that their secret key and master password make it even better because there are two of them. But essentially…the secret key is just…another password and one requires both to get into the data. Because their secret key is 30 something characters long or something like that…although mine at least is missing one of the 4 basic password food groups so it isn’t as good as a more complex 30 something long string…then they can claim that along with your master password it’s more secure because most people don’t use passwords that long. That is technically correct…but in reality 100 trillion trillion centuries isn’t really any better than a plain old trillion centuries would be for cracking time…but they’re not lying. And their secret key/master password combo really isn’t any better than a dropbox password/master password combo would be from an actual practical standpoint,.
Agreed. It would be shocking to me if AgileBits has built their own cloud infrastructure. Actually it would be stupid if they did because operating a resilient, redundant, secure cloud infrastructure is not a trivial task. It would not surprise me if they used one of AWS, Azure or Google Cloud. However if they are going after the corporate market, they are going to have to provide information about how their cloud is housed and secured. No corporate security department will allow a cloud to be used unless that information is forthcoming and the data centers are audited.
I found their security white paper. https://1passwordstatic.com/files/security/1password-white-paper.pdf#page64
While it states that the relational databases backing 1PW are in AWS Aurora- which does have resiliency and redundancy built in, they do not provide info in the paper about the 1PW servers that access the database. It’s a safe bet IMO that these servers are located in AWS EC2 but that doesn’t answer questions about how they are achieving service resiliency and availability (relying on one region is resilient but not necessarily highly available).
And it certainly doesn’t answer questions about how the data is protected (e.g. backups). Simply replicating data is not sufficient as we all know that replicating garbage results in garbage all around.
There is, indeed, File | Export in 1Password 8. It exports in either 1P’s format, or can create .csv files to import into other apps.
I believe that there was one time that there was a brief outage since I upgraded to version 8 last month, but vaults are synced to local devices, so you can still get data if you need it (just as you can look up data on the iOS version if you are disconnected from internet services.)
That certainly is a help that they have a local copy that they keep in sync with the cloud. And I had not heard that their export had a 1PW format option - only a csv format option. Hopefully they have an import option for that as well.
Head scratching is definitely reduced.
I see your point, so the actual problem is not having an accessible backup available to the user.
Got it. In the meantime, I have played around with Enpass and it is looking good if and when needed. Almost looks like a 1P clone.
Just to follow up, even after installing 1Password 8 on my iMac, I’m still presented with the same confusing pair of Chrome Extensions to choose from. 1P makes no effort to link me directly to the “right” one or even explain which to pick, or why there are two…