
Normally I’m conflicted when a big tech company comes to stomp on a market of smaller app makers but the password manager industry has left me with little sympathy.

Years ago I bought 1Password via a one off payment and set it up to sync via my iCloud Drive. It all worked great. Then they took VC investment and quickly every new feature was locked behind a subscription gate. I switched to Bitwarden. Then they took VC investment and I’m sure will end up down the same path (and you could never use a third party storage service with BW AFAIK). A password manager’s remote storage doesn’t need to be anything other than a safely encrypted SQLite file, you ought to be able to save it anywhere.

I think everyone should have a good password manager in 2024 and non tech inclined folks shouldn’t have to battle with upsells and spammy notifications as a price for being secure. If that means they’re using Apple’s offering, so be it.




I don't mind paying for quality software, which I considered 1Password v7 to be. However, their recent v8 launch has soured me on the company pretty severely. The macOS app is a pretty dramatic downstep and their focus on a browser extension over a system/menubar app is frustrating to say the least.

I don't know if Apple Passwords will be a perfect fit for me, I'm hoping someone shares a deep dive on the product soon because I'm not in a position to use the beta, but I'm happy to see some more competition in the space.


What’s the problem with it exactly?

I’m using it on iPad, macOS, iOS and Windows 10 and 11. Seems pretty much the same as it’s always been.

I’ve got the family using it too.

Just curious what issues other people are experiencing.


It's very much a "death by a thousand cuts" situation - I'm not a fan of the removal of 1Password mini which was my primary interaction with 1Password, especially for the common workflow of password generation/account lookup.

It seems their focus is to drive this into the browser extension but that doesn't cover all of my use cases - I very often need to generate a login password _outside_ the context of a browser and doing so now requires me to open the application and create a new password and save that record while before it was one click away in the menubar.

I'm also annoyed that we're no longer able to define which vaults are included in "all vaults" and the inability to simultaneously disable the browser extension from injecting their UI into websites (the login icons, blue input fields, etc) while keeping the prompt to save a login when a new one is detected.


Another classic issue of a "death by a thousand cuts" situation— you cannot hide the Mac menu bar icon and still keep the background agent running unlike 1Password 7 (Discussion from 2022 silently closed without any resolution here: https://1password.community/discussion/129305/latest-1passwo...).

They've constantly been downgrading the quality and the polish of the macOS app, just for "cross-platform" feature parity, leading to a subpar experience everywhere (Windows is a whole other can of worms).


What about the universal shortcut for triggering 1P across the Mac? And autofill within applications? I think the newest redesign is extremely powerful. I wanted to hate it at first but I give big kudos to the 1P team for how thoughtfully engineered the Mac version is. iOS and Windows not as much.


> I'm hoping someone shares a deep dive on the product soon

I have the app open in front of me but haven’t used it much. It’s basically the Passwords pane from System Settings ripped out and with some new fixed smart categories. If that’s enough for you, so will the app be. If not, not.


I agree with you. V7 was good enough that I’d have paid for it over using Apple. But v8 has had me looking for an alternative anyway.


…but v8 is perfectly fine! I remember a lot of buzz about v8 being slow “because it’s electron” but it’s not slow. I use it on multiple laptops without any issues at all.


I'm glad it's working for you. I use v8 every day on my work machine. My complaints aren't about the speed of the application, but rather the reduced features and removal of any menubar app functionality that was present in v7. I'm not a fan of the UI changes, personally; I don't know why everything needs to have _so much_ space, but I could ignore that.

Don't get me wrong, I'm not a fan of Electron, and I'd prefer it have remained a native app, but that alone wouldn't be enough for me to jump ship. And I'm not even claiming alternatives are better than v8; it's simply that v7 was much better, and I'm actively looking for alternatives.


Why does every app need a menu bar? Why not just Cmd+Shift+Space to get the universal menu to open?


> anything other than a safely encrypted SQLite file

There is a little bit of subtlety to this https://www.cs.ox.ac.uk/files/6487/pwvault.pdf
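One concrete piece of that subtlety, as an added example rather than code from the linked paper or from any password manager discussed here: "encrypted" on its own says nothing about integrity. The sketch below seals a vault blob with a scrypt-derived key and an encrypt-then-MAC tag over the whole header and ciphertext, then shows the difference between a format that verifies the tag and one that simply decrypts whatever is on disk. The container layout (`PWVAULT1` magic, salt, nonce, tag) is invented for the example, the sample record is constructed, and the HMAC-in-counter-mode keystream is a stdlib stand-in for a real AEAD such as AES-GCM or ChaCha20-Poly1305.

```python
"""Encrypt-then-MAC sealing of a vault blob, stdlib only (added example, not any product's format)."""
import hashlib
import hmac
import os
import struct

MAGIC = b"PWVAULT1"  # hypothetical format tag; authenticated together with the rest of the header
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
HEADER_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def _derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master password with scrypt and split into independent encryption and MAC keys."""
    km = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode. Use AES-GCM or ChaCha20-Poly1305 in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(password: str, plaintext: bytes) -> bytes:
    """Produce header || ciphertext || HMAC(mac_key, header || ciphertext)."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(password, salt)
    header = MAGIC + salt + nonce
    ct = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def _split(blob: bytes) -> tuple[bytes, bytes, bytes, bytes]:
    if len(blob) < HEADER_LEN + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a vault blob")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:HEADER_LEN]
    return salt, nonce, blob[HEADER_LEN:-TAG_LEN], blob[-TAG_LEN:]


def open_vault(password: str, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; a wrong password and tampering both fail here."""
    salt, nonce, ct, tag = _split(blob)
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, blob[:HEADER_LEN] + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    return _keystream_xor(enc_key, nonce, ct)


def decrypt_unauthenticated(password: str, blob: bytes) -> bytes:
    """What a format with encryption but no MAC does: decrypt whatever bytes are on disk."""
    salt, nonce, ct, _tag = _split(blob)
    enc_key, _mac_key = _derive_keys(password, salt)
    return _keystream_xor(enc_key, nonce, ct)


def flip_bit(blob: bytes, offset: int, mask: int = 0x01) -> bytes:
    b = bytearray(blob)
    b[offset] ^= mask
    return bytes(b)


def _raises(fn) -> bool:
    try:
        fn()
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Round trip, then show a one-bit edit rejected with a MAC and silently accepted without one."""
    pw = "correct horse battery staple"
    vault = b'{"user":"alice","url":"https://example.test","pass":"hunter2"}'  # constructed sample record
    blob = seal(pw, vault)
    # XOR bit 0 of the ciphertext byte that encrypts the 's' of "https": plaintext 's' becomes 'r'
    tampered = flip_bit(blob, HEADER_LEN + vault.index(b"https") + 4, 0x01)
    return {
        "round_trip": open_vault(pw, blob) == vault,
        "tamper_rejected": _raises(lambda: open_vault(pw, tampered)),
        "wrong_password_rejected": _raises(lambda: open_vault("wrong password", blob)),
        "naive_decrypt_is_malleable": decrypt_unauthenticated(pw, tampered) == vault.replace(b"https", b"httpr"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of `naive_decrypt_is_malleable` is that with a stream cipher and no tag, anyone who can write to the synced file can flip chosen plaintext bits (here turning a URL into one the user did not save) without knowing the master password; the MAC covers the magic, salt and nonce as well, so downgrading the KDF parameters or swapping the salt is caught too.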


keepassxc works for me on android, windows, and mac


The very best thing about KeePass is that it defines a standard and publishes a reference implementation that anyone can build a compatible client for. I like KeePassXC on macOS and KeePassium on iOS and I keep the DB in sync between them with Nextcloud. If I was working on Linux/Android next week I would pick the best clients there and arrange syncing myself, again, without a third party.


And that would be Keepass2Android for Android. I love it, it's perfectly simple and like you, I sync via my own means but there are "easy" options available.

On the desktop there is even a CLI app for interacting with the database, though I also use KeepassXC.


keepassxc is incredible, truly slept on. I use safari keychain as well, as a copy. But my master store is keepass. It boggles my mind that people pay for 1password.

Btw, is keepassxc on Android now or are you referring to one of the many Android keepass apps? I use keepassium on iOS.

I pay for protonmail and also store a copy in protonpass. Proton pass has a nice web interface and doesn’t require me to copy a keepass file or logon to iCloud on my work computer so I use that sometimes too.


> It boggles my mind that people pay for 1password.

I’ve paid for 1Password for 4 years and am a happy customer. But I would also be willing to try KeePassXC if it really offers feature parity.

These are some features important to me, are they supported by KeePassXC?

- Easy password sharing with my wife. We have separate private vaults and a shared vault, and moving passwords between these vaults is seamless.

- Sync has been seamless for years. I don’t have to worry about e.g. iCloud corrupting my password database and having to restore from off-site backups.

- Integration with many platforms. Currently, that means autofilling/autosaving/generating passwords in common browsers, on MacOS, and on iOS.

- Generating and filling TOTP tokens (no need for Google Authenticator or similar apps).

- Storing and syncing SSH certificates, including acting as an SSH agent (so I have to scan my fingerprint to allow a new SSH authentication).

- Storing non-password items in the encrypted store, e.g. pictures of passports.

- TouchID or FaceID for quick unlocking with everyday use.


> - Easy password sharing with my wife. We have separate private vaults and a shared vault, and moving passwords between these vaults is seamless.

Not sure about this one. I don't even collaborate passwords in Apple keychain with my own family.

> - Sync has been seamless for years. I don’t have to worry about e.g. iCloud corrupting my password database and having to restore from off-site backups.

Sync with iCloud Drive, Dropbox and Google Drive has been fine for a long time. Plus there's also the option to just keep a password database copy handy.

> - Integration with many platforms. Currently, that means autofilling/autosaving/generating passwords in common browsers, on MacOS, and on iOS.

KeePass is usable on more platforms than 1Password, sorry. You could probably get one KeePass app or another running on some ancient PowerPC box running NetBSD.

> - Generating and filling TOTP tokens (no need for Google Authenticator or similar apps).

KeePassXC does this

> - Storing and syncing SSH certificates, including acting as an SSH agent (so I have to scan my fingerprint to allow a new SSH authentication).

I have not tried this one, but would be surprised if KeePassXC doesn't do this as well

> - Storing non-password items in the encrypted store, e.g. pictures of passports.

KeePassXC definitely does notes, not sure about photos etc. This is definitely the realm of an encrypted Apple Note for me though.

> - TouchID or FaceID for quick unlocking with everyday use.

KeePassXC has this on Mac, KeePassium does it on iOS really well...


Thanks for the detailed reply! :)


I had decided a detailed list is better than a typical snarky-ass reply


KeePassXC definitely has a lot of those for sure.


Keepassxc has zero collaborative features and no online sync. I’m a big fan of keepassxc but these reasons are why I pay for 1P. I can add colleagues, guests, family members and have it run on all my devices.


I would instead jokingly say that you would have to pay me to use 1Password.

KeepassXC does have collaborative features and online sync if you just drop the Keepass file in a shared cloud - I use it this way and it's easy to set up. Also, more importantly, the password database is not stored in some server God knows where.


> Also, more importantly, the password database is not stored in some server God knows where.

Well..


I keep my KeepassXC vault stored at my home, on a Nextcloud instance.


It's not perfect, but keepass does have keeshare, basically one or many sub-dbs on different files that integrates into the main one seamlessly, so in my home we have a 'shared' db each and we can read it and update it from our main dbs.


> Keepassxc has zero collaborative features and no online sync.

This is why we use it! Also, it's free. Paying subs for software feels dirty.


My mistake, on Android I'm using KeePassDX https://www.keepassdx.com/ (open source).


KeepassXC has been outstanding for me, especially now that it supports passkeys. I use KeepassDX for android as well.


> and you could never use a third party storage service with BW AFAIK

https://github.com/dani-garcia/vaultwarden


I should have been clearer, I meant that it didn’t work with arbitrary cloud storage providers like iCloud, Dropbox, Google Drive and so on.

I’m a tech person and even I don’t want to be responsible for running a Vaultwarden server, the average user definitely doesn’t want to.


Doesn't that mean that at least in theory, if Bitwarden became too abusive, an alternative host would crop up which you could switch to?


Did you ever look into KeePass? The solution you're looking for already sort of exists, several more than decent apps which offer lifetime one-time purchases. Not sure what else to tell you. Keychain/"Passwords" is way too obfuscated and user-unfriendly and hostile to data portability to the extent I could never trust or rely on it.


Apple is one of the few entities I'd trust for password management. Besides relying on them not being breached, devices I physically have make for good auth mechanisms. It's the one thing I really don't want to deal with a third party for. Irks me a bit how Apple knows this.

And it's not that big a deal to occasionally copy a password onto a Linux or Windows device, or better yet, use the iPhone to authenticate for it.


There are stories of SIM swaps just leaving the door wide open though.


I haven't seen those, but it wouldn't surprise me.


>and you could never use a third party storage service with BW AFAIK

You can run your own BW server, or at least you could as of a few years ago. It's not well documented, but it was doable. The only reason I don't use BW is because the iOS app doesn't locally cache passwords, and I didn't want to open up my home network or set up a VPN just for a bitwarden server.


The iOS app does cache passwords locally, and has since before I started using it c. 2021 or 2022.



I don't have a problem with the subscriptions. I've tried out a number of options over the years, including KeePass, LastPass, 1Password, and most recently Bitwarden.

KeePass was a great bit of software but managing the vault syncing myself and having to wait for (and trust) the third-party Firefox extension to update was tiresome. For about a buck a month, LP was a pretty good deal and handled all of that overhead for me.

I eventually moved to 1Password and it's still what I recommend to most people. $45CAD a year is a pittance for how often I use it. The app and extensions are always up to date, they "just work" even for my 70 year old father. At $12CAD a year, Bitwarden is pretty damn reasonable too.

I don't get the hand-wringing when it comes to reasonably priced services. Development and infrastructure costs money. Yes, a power user can manage everything entirely with free software and a portable SQLite DB, but that isn't a sensible approach for the vast majority of people.


Development costs money and that's fine, but I don't like it when companies act like their pricing is based on the cost of providing a service, and the service is "syncs a single sub-megabyte file between a few devices". You can get that service a thousandfold for free. (And even if they give you more space, that's a worthless addon to almost all customers.)

In particular, the reason it's annoying to sync keepass is because of how the program is designed. There are other managers in that ecosystem that let you log in to google/microsoft/dropbox/anything and then you're done. It all syncs perfectly from then on. It's a development problem, not a need for a dedicated service tied to a specific password manager.

And when I'm considering development cost I'm going to look at things on a 5 or 10 year timeline. I think that's a reasonable length to expect a software purchase to last. On that timescale, Bitwarden is okay but 1Password is not at all a good price.


In your thousands of free services, how do you resolve conflicts in edits done on multiple devices?


Shouldn't conflict resolution be in the program itself? It should ask me what to do and be able to keep both versions of the conflicting entry. And if I answer "keep both" or defer to later then it should pack both into the vault and upload that.

(Also I didn't mean thousands of free services, I meant that each one will give you thousands of megabytes for free. Honestly just google and microsoft accounts, and icloud with a device, cover just about everyone. But there are a lot of free storage services if you want them.)
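The entry-level "keep both" merge the comment above asks for, as an added example that is not code from any of the password managers in this thread. It assumes the app keeps the last-synced copy of the vault as a base, which is what lets it do a three-way merge against a Dropbox-style "conflicted copy" instead of picking one file and losing the other's edits; entries are plain dicts keyed by a `uuid` field, and the three sample vaults are constructed.

```python
"""Three-way, entry-level merge of a diverged vault (added example, not any product's sync code)."""
import copy
import json
import uuid

# Constructed sample: the copy last synced (base), this device's edits (local), the other copy (remote)
BASE = {"entries": [
    {"uuid": "a", "title": "GitHub", "user": "alice", "password": "old-gh"},
    {"uuid": "b", "title": "Bank", "user": "alice", "password": "bank-1"},
    {"uuid": "c", "title": "Old forum", "user": "alice", "password": "forum"},
]}
LOCAL = {"entries": [
    {"uuid": "a", "title": "GitHub", "user": "alice", "password": "gh-rotated-on-laptop"},
    {"uuid": "b", "title": "Bank", "user": "alice", "password": "bank-1"},
    # "c" was deleted on this device
]}
REMOTE = {"entries": [
    {"uuid": "a", "title": "GitHub", "user": "alice", "password": "gh-rotated-on-phone"},
    {"uuid": "b", "title": "Bank", "user": "alice@example.test", "password": "bank-1"},
    {"uuid": "c", "title": "Old forum", "user": "alice", "password": "forum"},
]}


def _index(vault: dict) -> dict:
    return {e["uuid"]: e for e in vault["entries"]}


def _conflict_copy(entry: dict, origin: str) -> dict:
    """Deterministic duplicate, so re-running the merge does not spawn yet more copies."""
    dup = copy.deepcopy(entry)
    dup["uuid"] = str(uuid.uuid5(uuid.NAMESPACE_OID, f"{entry['uuid']}:{origin}"))
    dup["title"] = f"{entry['title']} (conflicted copy, {origin})"
    return dup


def three_way_merge(base: dict, local: dict, remote: dict) -> tuple[dict, list[str]]:
    """Return (merged vault, uuids where both sides changed the entry differently)."""
    b, l, r = _index(base), _index(local), _index(remote)
    merged, conflicts = [], []
    for uid in sorted(set(b) | set(l) | set(r)):
        base_e, loc_e, rem_e = b.get(uid), l.get(uid), r.get(uid)
        loc_changed = loc_e != base_e  # None on one side means added or deleted there
        rem_changed = rem_e != base_e
        if not loc_changed and not rem_changed:
            if loc_e is not None:
                merged.append(loc_e)  # untouched on both sides
        elif loc_changed and not rem_changed:
            if loc_e is not None:
                merged.append(loc_e)  # only local edited it; a local delete drops it
        elif rem_changed and not loc_changed:
            if rem_e is not None:
                merged.append(rem_e)  # only remote edited it
        elif loc_e == rem_e:
            if loc_e is not None:
                merged.append(loc_e)  # both sides made the same change (or both deleted)
        elif loc_e is None or rem_e is None:
            merged.append(loc_e if rem_e is None else rem_e)  # deleted here, edited there: keep the edit
        else:
            merged.append(loc_e)  # genuine conflict: keep both and let the user resolve it later
            merged.append(_conflict_copy(rem_e, "remote"))
            conflicts.append(uid)
    return {"entries": merged}, conflicts


def demo() -> tuple[dict, list[str]]:
    return three_way_merge(BASE, LOCAL, REMOTE)


if __name__ == "__main__":
    merged, conflicts = demo()
    print(json.dumps(merged, indent=2))
    print("conflicts:", conflicts)
```

On the sample data this keeps both rotated GitHub passwords (the remote one renamed as a conflicted copy and reported in `conflicts`), takes the remote edit to the bank entry, and drops the forum entry because local deleted it while remote left it alone. Without the base copy the code cannot tell "edited on one side" from "stale on the other", which is exactly the information a plain file-sync service never gives the app.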


(sorry about my misleading playful paraphrasing)

The program itself might not get information efficiently to do conflict resolution (or not at all). For example, you edit a file offline and sync; Dropbox and friends wouldn't be smart enough to just append both of a few bytes' worth of data, which a password-manager-controlled service could, since it would be aware of the data structure. They would just dump both files, and then both again on another conflict, etc.

So I guess it's just not the same type of sync service that you get for free in those many services

(also I think it's more than a sub-Mb, you have icons there, but also images of docs and what not)

Though maybe this is not an issue as you mention some of the keepass-based apps that go the "app-sync" route instead of manually placed file?


> Though maybe this is not an issue as you mention some of the keepass-based apps that go the "app-sync" route instead of manually placed file?

Right, my main concern here is programs that talk directly to the service's API, because that's the easiest to implement in a correct way. Dumb file storage, but without the worry of stale versions appearing.

Though most people don't need their vault to be robust against simultaneous offline edits from multiple devices.

> (also I think it's more than a sub-Mb, you have icons there, but also images of docs and what not)

I have usernames/urls/passwords, some notes, some icons, and some ssh and bitlocker key files. In total it's 159KB, including a bunch of version history and the recycle bin.

What kind of documents would I put in a password file?

Though some extra megabytes don't really affect my argument much.


> Though most people don't need their vault to be robust against simultaneous offline edits from multiple devices.

This is one of those very rare cases with potentially huge negative effect to make it into a mandatory feature.

> Dumb file storage

Which still suffers from inefficient incremental updates. Curious whether those other managers deal with that (do they split your vault into parts)?

> What kind of documents would I put in a password file?

Whatever documents you want to securely share with others, various scanned docs, so it's not just a few megs, (e.g., Bitwarden offers up to 1G encrypted file attachments) (though don't use this either, mine is just a few megs)


> This is one of those very rare cases with potentially huge negative effect to make it into a mandatory feature.

The only thing you would need to make mandatory is a direct login to any storage service.

> Which still suffers from inefficient incremental updates. Curious whether those other managers deal with that (do they split your vault into parts)?

If it's a megabyte, who cares? You could have a way to split things or upload an update log, but it's not worth it.

If you need big attachments, then keep them outside the core vault file.

> Whatever documents you want to securely share with others

Sharing is where a dedicated service is useful.

But if a feature like that needs a paid service, it should be an optional upgrade.


I use BitWarden and I prefer having the open source and self hosted options for using BitWarden. 1Password does not have those. Despite that, I've been strongly advocating for it at work because it easily has the most polished and refined UI/UX of all the managers I've tried.


Bitwarden is fantastic. And can even pair up with your own open source 'enterprise vault'. Meaning that if you have a decent VPN setup in your home router, you can host the vault in your rpi (for example). It's great


On that note, a simple point where Bitwarden is lacking is the custom fields feature. It feels disconnected, separated from the main fields, and doesn't integrate very well into web forms that use the extra fields. 1Password, on the other hand, handles the custom fields amazingly, and even lets you create sections to group them together in entries.


Exactly, secrets management is a really critical need that 1Password meets for me, and I'd much rather they charge me an honest price than sell out to advertisers. These things require upkeep (not just defending against everyone trying to break in, but also keeping current on the latest technologies like passkeys), so I find the yearly price of admission is totally reasonable for 1Password's quality and importance.


> I don't get the hand-wringing when it comes to reasonably priced services. Development and infrastructure costs money.

I have no problem paying for software. But in this case I’d far prefer a one-off purchase. The only reason there are ongoing infrastructure costs are because I’m being forced into using the company’s cloud service. I already pay for infrastructure in the form of my own cloud storage. I want to pay, once, for software that will use that infrastructure.

More generally, while I might see the value in paying $45 a year for a password service a lot of non-tech folks don’t. They’re happy using the same password everywhere they go (until they aren’t, of course), making them pay a few months-worth of Netflix to use software they’re already not inclined to use means they just won’t do it.


> I don't get the hand-wringing when it comes to reasonably priced services.

For me, it has nothing to do with the price and everything to do with the fact that I don't want a service dependency for my most critical passwords. I want them to be available no matter what. The product should be standalone. And this isn't a hypothetical concern, either: my employer is contractually mandated to disallow cloud-based password managers, so I must use standalone ones (yes, this is a stupid policy, but one that I'm bound by).

And on top of that, 1Password 5 was an excellent product and it is just steadily getting worse, in my opinion.


I'm with you: I'm happy to pay a recurring fee for a good service, usability, and dependability.

I've been a 1password customer for as long as I can recall, and it feels weird dumping my subscription to save a few bucks when it's been such a great service at a fair price the whole time. Why I'd keep it around if the OS solves the same problems, I don't know … just saying it feels weird.


Very good point.


Well, good to know that U.S. feds now just need to send a single ping to get all the world's passwords on Apple devices.


I really recommend you stop and read the white papers regarding iOS and Apple's Security and Infrastructure design, instead of just regurgitating a talking point from reddit.


https://support.apple.com/en-us/102651 is a nice overview. The "key storage" column is the part to pay attention to. The keys to user keychains are stored on devices only.


Apple doesn't have access to user keychains


Nothing has changed. This app is just a skin over the existing backend.



