* Provocative headline, designed to attract attention
* Use of the word "Exclusive" to imply that this is important information
* Says acquisitions talks *are* underway, despite having little or no evidence of that
* Update, placed at the end of the story, that disconfirms the story
* Placement on aggregator sites like Reddit and Hacker News in order to drive pageviews
I rarely say this about stories on the frontpage, but in my opinion, this story should be flagged and deleted. There's no content here, and driving traffic to bgr rewards them for putting out this kind of fake news. This story reads like someone took Ryan Holiday's book, Trust Me I'm Lying and treated it as a field manual rather than a set of warnings.
Also this response. :D
Replying to @1Password @markgurman
I’d literally pay Apple to acquire you just to avoid more “my humans and I” tweets.
Did you mean that kind of meme? If not, I may have some bad news.
You added an unnecessary level of indirection. The startups don’t have memes. They are the meme.
I'll take 'my humans and I' style cringe over laboriously pointing out somebody's skin colour and gender as defining characteristics any day. There's nothing intelligent about it.
I’m boxed in a corner. If I explain it one way, you’ll interpret a Luddite sentiment. If I explain it another, you’ll interpret an affinity toward socialism. Yet another, and you’ll conclude I’m mentally challenged. I’m still working on vocalizing my detest for the valley and this audience in a form which is productive as opposed to punitive, so you’ll have to check back with me when I’ve matured that.
We use the Teams feature with developers across macOS, Linux, and sometimes Windows. The web interface allows us to manage multiple password "vaults" in a single place, and those credentials are then easily accessible via the browser extension.
Still blows LastPass out the water even with that flaw.
Guess B2 was the code-name for a different project, one focused on leak detection.
On the other hand, the biggest barrier to adoption that I have found is people losing their master password. And supporting good account recovery is difficult and expensive. A subscription service that actually had a real way of validating identity for account recovery could be something worth paying for, for people who are not very tech savvy.
Maybe we can come up with a good account recovery service without dedicated customer support folks, but the moment you have a bad experience, you're probably going to go back to Password123.
Had this thought yesterday when I switched to Apple Music and wondered why they don't bundle their services... could even offer regular handset updates.
Edit: zero affiliation with Bitwarden
1Password seems to be OK. I use it and pay subscription. Except for frustrating login experiences with some websites, don't have any problems.
Never heard of Bitwarden, doesn't seem particularly compelling compared to 1password.
I haven't used it, so I'm not sure how feature-complete it is.
If anyone knows how to use it to retrieve passwords / copy them to the clipboard, I'm curious because we use it at work.
edit: It looks like it might be possible, but it requires a long command or a command alias. The lack of tab completion is kind of problematic though.
    op get item <name or UUID> | jq -r '.details.fields[] | select(.designation=="password").value' | pbcopy
> We believe security shouldn't be proprietary. 1Password only uses standard, documented data formats and encryption methods, so you can import and export your most important information at any time.
It's pretty standard to not be able to audit a company, and most of us do business with all of those companies anyways.
It's pretty obvious when UPS mishandles your packages, it's either missing, damaged, visibly opened (e.g. security tape broken). It's likely very rare that they would 'mishandle' a package in such a way that you would not be able to notice. Companies like 1password can (and likely do) use your information in ways that are impossible for you to detect, so this analogy does not apply.
> how my dentist handles my records
In the US, you have HIPAA, and there are big penalties for mishandling medical records. The same does not exist for businesses like 1password, so this analogy does not apply.
> how Papa Johns handles the ingredients that make my pizza,
There are sanitation and food handling laws (in the US), and food service companies can get shut down for mishandling food. The same does not exist for businesses like 1password, so this analogy does not apply.
Edit: Since HN's commenting system arbitrarily limits the depth of comments:
My point is that your analogies are not similar. In your analogies, there are legal penalties for violation, whereas in the case of 1password, there are 0 legal penalties and very likely 0 financial penalties for malicious behavior when it comes to your information. In case you still don't believe me, see: Equifax. We can all trust their CEO now, right? (wrong)
Yes, there are regulations and consequences for mishandling food and patient data but I still have no personal way to ensure that these practices are followed. In the end, you have to trust the entity that you are doing business with. The same applies to 1Password.
Which is not to say that FOSS can't be secure, but getting back to my original point, since either way I have to trust experts, I might as well pick the product that wins on functionality and polish.
It also has a neat feature where it can discover other peers on the network and auto-sync the password for use when the clients are offline.
Overall, the quality of 1Password is amazing and I'm sure that had a lot to do with the fact they get paid to do it too. Open source is great and I don't know if KeePassXC has a revenue model but I personally think my money spent on 1Password was put to good use.
> mobile apps
> shared passwords
Cannot be done securely.
Disclaimer: Using 1Password 5, which was a one time payment.
Dropbox can be swapped out with other storage services.
At least on iOS, this doesn't appear to be meaningfully true. With 1Password if I have navigated to a site's login page in Safari, all I need to do is hit the 1Password Activity button and it will populate my name and password.
With "Keepass Touch for iOS" my options are either: "You're browsing wrong. If you want to log in to something, use the integrated browser" or "switch apps from safari to Keepass, copy username to clipboard, switch back to Safari, paste username, switch back to Keepass, copy password, switch back to Safari, paste."
No thanks. This is still meaningfully behind in the usability department.
And ultimately, the point is 1password’s db should be well encrypted so you don’t have to trust the underlying storage.
Not so much. My creds were leaked in their 2012 breach.
The passwords should be encrypted at rest (and are with KeePassXC), so Dropbox' (or iCloud's, for that matter) security is irrelevant.
Version 6 was a free upgrade.
God, the icloud keychain cannot die soon enough. What a shit show.
One of the deciding factors for me switching 100% to iOS and MacOS was the unified keychain across all browsing and apps. For the first time in ever I rarely do password resets in an app. There are a few apps that "brilliantly" roll their own password input fields and those don't work, but they are rare. And a few websites that split the username and password onto separate screens that are kind of hit or miss, but again rare. And on the ios12 beta, the keyboard grabs one-time sms codes and auto-inputs them with one tap.
From my layman's perspective I have one keychain and it has everything in it. And it just works 99% of the time. But I don't use it for AWS anything. I don't know or care about the different kinds of keychains -- they just work.
Not doubting your experience, just wanted to throw out there another one.
I only wish Authy (my current preferred 2 factor token generator) was more integrated with the Apple keyboard, but it has a widget that makes things pretty quick.
I hate it when big companies do this. They often shut down good products and then years later they've only implemented a fraction of the acquired product's feature set into their own product.
I've spoken with the Bitwarden team and they indicated that it was a limitation of iOS and there wasn't anything they could do on their end.
(no additional info, just for convenience looking it up)
1Password for Android doesn't drive any Apple product sales.
I only have to remember one long complex password that I have never used anywhere else and that secures and encrypts all my other passwords. And rather than searching and copy pasting, a browser extension can fill in passwords when I request.
Add to that, a password manager generates a long and complex and unique password for every account I have so I don't have to make one up or go to another source to create it.
And one of the coolest features, though it doesn't work everywhere and I am only familiar with LastPass, is its ability to automatically change passwords. On certain sites, I can tell it to rotate all the passwords in my file. It logs in and makes the changes for me.
Also these companies provide nice integrations with web browsers and OSes which makes using complicated passwords easier.
It’s true that a hacker with your master password would own the keys to your life, but that’s often true in general: despite repeated requests to not have a single password, most people have one or just a few passwords they reuse everywhere. This is a better way because you can focus on remembering one big password, add 2FA, and have unique, complex passwords everywhere else.
I haven't looked too closely at 1password - but with for example bitwarden the master password is used via kdf to encrypt all data client side. If you don't self-host - you're still just a single service away from compromise (an attacker could log the passphrase in a compromised client) - but on balance I'd say it's more secure than trying to memorize dozens or more strong passwords.
If the acquisition takes place, I will switch immediately. I am against vendor lock-ins and Apple is the first company I associate with that.