Wednesday, August 11, 2021 [Tweets] [Favorites]

1Password 8 for Mac Early Access

Dave Teare (tweet, MacRumors, Reddit):

Categories now sit atop your item list as a simple dropdown filter, giving the sidebar plenty of room to show all your vaults and their accounts.

You’ll also notice an indicator next to each shared vault, making it easier to see which vaults are private and which are shared. No guesswork. And items show who they’re being shared with.

Throughout the app you’re in more control, with more contextual information available at all times. Try dragging-and-dropping an item from a personal vault to a shared vault. When you do, 1Password will show you who will gain access to the item so there’s no doubt about what’s happening.

[…]

I personally use Collections to hide family vaults that I only need access to in case of emergency and don’t want to see every day. It’s also great for hiding production work accounts until I explicitly require them.

[…]

[The] next generation of 1Password gives you more power to recover data, starting with item drafts, the ability to restore recently deleted items, as well as being able to revert to previous versions of an item.

Dave Teare (tweet):

What makes this [Linux] release even more amazing is it was created from scratch and developed using new languages and techniques most of our team never used before.

[…]

The backend is written in Rust, a true systems programming language known for its safety and performance. Rust compiles directly to native code and avoids the overhead associated with runtimes or garbage collection.

On the frontend side of things we used web technologies to allow us to create an entirely new design language for 1Password.

The new Mac app uses Electron, too, as you can immediately see from how the fonts and controls look. A two-person team can write a native AppKit app, but a team of 473 starting with a mature AppKit codebase has other priorities.

bgentry (also: Miguel de Icaza):

The most disturbing part about this is that their support team has been misleading people on Twitter all morning, not truthfully answering straightforward questions about whether the app is Electron

The language and compilation status of the backend are not relevant to whether the frontend is native.

Curtis Herbert (Hacker News):

The blog post screenshot had me all “yay, looks like it matches the new sidebar style in macOS, wonder if it is Catalyst or SwiftUI?”, then I opened the preference “window” … which is an Electron-style modal inside the main window.

Ben:

To minimize file size and maximize performance, we’re offering separate Apple silicon and Intel builds.

A hallmark of Electron.

Of course, you can see why a company would want a cross-platform solution to reduce the number of codebases that need to be developed and kept in sync. It’s interesting that, even though there’s already an iOS version, they decided not to go with Catalyst. As to Apple’s other cross-platform technology…

Roustem Karimov:

We have a large Apple dev team and had a parallel SwiftUI codebase being developed for about 6 months. It had some advantages but overall it underperformed on macOS and the UX was worse.

recursion_is_fun:

What’s more concerning is the shortcut change. ⌘\ is deep in my muscle memory, but more importantly it’s in my (less tech savvy) family’s muscle memory. I strongly urge you to consider retaining the default shortcut bindings in the final release.

Dave Teare:

1Password 8 has a new Quick Access feature that’s activated by ⌘⇧Space and supports Go & Fill.

Dave Teare (Hacker News):

Even though memberships won by a long shot, our existing apps already supported both so we continued to offer standalone licenses. This included support as well as new features and updates for license holders.

In our new apps, however, we needed to revisit this approach…

[…]

We’d like to thank you for supporting us all these years and provide a special trade-in discount for your license. Simply email us your license and enjoy 50% off your first 3 years.

The new version drops non-subscription licenses, standalone vaults, and support for Dropbox, iCloud, 1Password mini, and 1PasswordAnywhere.

I’m not sure what I’ll do from here. I’ve been using PasswordWallet myself since the writing was on the wall for standalone vaults and my favorite feature in 2017. But the rest of my family is still on 1Password/Dropbox. Much as I don’t like these changes, I’m not sure there’s a multi-user product that’s better.

Ricky Mondello:

No matter what anyone else does with their offerings, iOS and macOS have a built-in, free password manager. I love our new, Mac-native interface in macOS Monterey, which has clear, helpful security recommendations (including breach warnings!) and a verification code generator. :)

This is a temping option because it’s fully integrated and built on iCloud Keychain. Although it’s not inherently multi-user, you can configure a single Mac with separate accounts for different users.

Previously:

Update (2021-08-13): Kristoffer Forsgren:

Please stay native on macOS! 😬 (no electron)

1Password (in June):

Don’t worry, we’re all about the native apps. ❤️

Rui Carmo:

Having used 1Password since its very beginning, I grew increasingly distrustful of their product management and roadmap (the key point for me being that I will not subscribe to their cloud syncing service), so this is an attempt at putting together a systematic list of decent alternatives for my own use.

Jordan Rose:

[Someone] pointed out that Discord, League of Legends, Docker for Desktop, Epic Games client, and many bits of Steam are “basically Electron”, and we don’t hate them.

But all of those have /awful/ UX on a Mac (except LoL, I don’t know LoL).

I get why Electron is winning (won?). Signal Desktop is Electron too. But macOS had an actual design language and accessibility and interoperability between apps basically for free, and Electron apps lose 90% of that because it’s not how web pages work. So I’m gonna resent it.

(I also blame Apple for not placing value on this in their own apps. I miss Mac-assed Mac apps.)

texec:

This is a big step backwards. No native UI, no local vaults, no wifi sync, shortcuts not modifiable, no (fast) vault switching, quick access is much more restricted and shows less information.

[…]

Oh and the UI is not faster. Only a mess of different font sizes, too much whitespace and indistinguishable buttons :(

Francisco Tolmasky:

I find it really strange that people are way more concerned with @1password using Electron than dropping local vaults and going subscription-only. I care way more about owning my passwords that connect me to every service in my life than what framework the app is written in.

Oluseyi Sonaiya:

VC isn’t why 1Password switched to Electron, though. That’s a simplistic conclusion, and I’m someone who is deeply unimpressed by “Tech” VC.

Jeff Johnson:

It’s almost always the little indie devs who have native apps on Mac, iOS, and maybe even Windows and Android, almost always the BigCos who use ugly cross-platform frameworks.

Dominik Wagner:

Apple had the chance to solidify their dev-lead by unifying their situation. E.g. make catalyst really first class and evolve the APIs nicely.

Instead they tried inventing their own language (swift) and make the future dev landscape so confusing people go electron and x-platform.

JF Martin:

I don’t understand a company with a mature codebase built on AppKit since forever, turning to a cross-platform framework like Electron. I mean, it’s not like if they didn’t have a Mac app, right? They do, it’s already supporting Apple silicon too. I guess they didn’t like SwiftUI or Catalyst.

Ilja A. Iwas:

SwiftUI is too little, too late, if prime Mac apps are dropping it in favor of Electron. All the years it took to mature Swift(aka adding fancy language-geek features) might have been spent better elsewhere. Not sure if Apple cares, or what they should have done differently.

Stephan Michels:

All these years where we waited for a common base in AppKit and UIKit. And then we got this abysmal Marzipan thing. With SwiftUI it’s getting better.

Maximilian Mackh:

Downside to Catalyst is the lack of backwards compatibility - it only got really good in 10.15. 1PW probably needs to deploy much further back.

And SwiftUI itself is even rougher prior to macOS 11.

Roustem Karimov:

Seems like a good time to post a link to the presentation that @mitchchn did this year at @NorthSec_io conference about all the security problems with Electron apps[…]

See also: 1Password Community Discussions, Reddit.

Michael Fey (tweet):

However, with four full stacks of client implementations of our server APIs, any changes needed to be coordinated across four teams. Four teams that were still operating independently. Each time our server team lead would come to the client leads and ask us how long until we could support some new feature, each of us said the same thing: “Now’s not a good time, we’re busy. Maybe in a few weeks?” And that estimate of a few weeks was different for each team. We kept advancing our apps with cool new features, but we weren’t advancing our service-based features. We were paralyzed.

[…]

A small team, using existing pieces of various apps and projects, put together a proof of concept of a brand new 1Password app running on top of what we now call the 1Password Core.

[…]

On April 1st, 2020 we officially put our existing 1Password apps into maintenance mode, opened up our source code editors, and clicked File > New Project… on five new 1Password apps.

[…]

We could support as many versions of macOS as we wanted using Apple’s AppKit framework, but that meant adding another frontend toolkit to the mix. We could go all in on SwiftUI, but that meant reducing the number of operating system versions we could support. We could go all in on the same approach we were using for Linux and Windows, but that made it very difficult to create an app that looked and felt at home on macOS.

Ultimately we decided for a two-prong approach. We would build two Mac apps. One written in SwiftUI that targeted the latest operating systems and another using web UI that allowed us to cover older OSes.

[…]

However with a self-imposed ship date of September 2021, our timeline to bring these apps to stable was starting to look a bit tight.

[…]

Despite the fact that SwiftUI allowed us to share more code than ever between iOS and macOS, we still found ourselves building separate implementations of certain components and sometimes whole features to have them feel at home on their target OS.

Ultimately we made the painful decision to stop work on the SwiftUI Mac app and focus our SwiftUI efforts on iOS, allowing the Electron app to cover all of our supported Mac operating systems.

Steve Troughton-Smith:

This is exactly what I mean when I’ve said going SwiftUI-native leaves you little better off than before, still having to write distinct iOS & Mac apps and dividing your time & resources.

Jason Snell (tweet, Hacker News):

What’s really causing all this consternation, I think, isn’t 1Password moving to Electron. Electron is a bit of a bogeyman. The root problem is this: 1Password, originally a Mac-forward software developer, has simply decided that the Mac isn’t important enough.

[…]

Fey’s post clearly spells out AgileBits’s priorities. Android and iOS apps are built with native platform frameworks in order to create the best app experience possible on mobile. For iOS, AgileBits decided to use Apple’s new SwiftUI framework rather than the venerable UIKit, in order to skate “to where the puck was going.” Their plan was to use SwiftUI on the Mac, too. In doing so, AgileBits was buying into the vision Apple has for SwiftUI as a tool to build interfaces across all of Apple’s platforms. Unfortunately, it seems that SwiftUI didn’t measure up on the Mac[…]

[…]

I find AgileBits’s decision-making process incredibly sad. Because as Fey’s post makes clear, at no point did the company consider keeping the Mac-only version of 1Password alive. AgileBits, once a major Mac developer, decided (for legitimate business reasons, of course) that the Mac’s not a platform that deserves its own bespoke app.

Update (2021-08-18): Roustem Karimov:

I don’t agree with the title. Mac is super important to us, both @dteare and I rely on it. I just refuse to believe there is only One True Way of making great apps and everything else should be burned with 🔥

[…]

When we made the decision it was between having a subpar SwiftUI experience (many reasons) or an amazing but (scary!) Electron experience.

AppKit can’t be in the picture, sadly. We don’t want to go back developing 5 different frontends.

Josh Centers:

Apple marketed itself as the privacy company and is confused when customers are mad that they’re scanning photos.

Agilebits marketed itself as making quality native apps and is confused when customers are mad that they’re no longer making native apps.

Simone Manganelli:

If they think Electron is best, don’t have the support team lie to us that they’re native. Don’t say this is good for users. It’s neither. Own the decision.

Mario Guzman:

I was going to take a screenshot to show that @1Password 8 beta doesn’t respect my “Double click an app’s titlebar to [minimize]” when I realized IT HIJACKS Shift+Cmd+4+Spacebar!

Max Seelemann:

1Password is still gonna be the best, despite going non-native on Mac.

The product is immensely strong - top-notch integration on all platforms, team accounts, shared vaults with access control, file storage, etc. I can even see the technical issues.

I’m just a liddle sad 😢

Drew McCormack:

Have to confess, I didn’t really understand the 1Password VC investment at the time. In hindsight, I missed that it isn’t really a password app anymore, but has pivoted to an account management proxy. In that context it makes much more sense. Clever pivot.

Daniel Jalkut:

Apple’s in a transitional period where it’s not at all obvious which of their THREE competing Mac frameworks any serious developer should choose.

It’s super-obvious to me as a long-time Mac developer that sticking with AppKit is the safe bet right now. But for everybody else, the people who should be flooding the ever-growing Mac customer base with new apps? It’s a shit show.

And yes, having any of your most passionate and experienced developers (i.e. me) choosing the most antiquated of your proposed frameworks is not a great place to be in.

Apple sort of “Osborned” AppKit, and it was probably a mistake.

Steve Troughton-Smith:

I’d add that the 1Password devs are competent, well-known devs who have participated in the native Apple developer community for over a decade. SwiftUI’s inability to back-deploy, something I think Apple should clearly reconsider, left them writing two apps for Mac — one too many

Russell Ivanovic:

Also proves what I’ve suspected for a while: SwiftUI is still writing cross platform cheques that the toolkit can’t quite cash. Especially on macOS.

[…]

The weirdest part of all this is that a stock SwiftUI app (where you don’t write custom UIKit or AppKit bits) feels non native to me

Helge Heß:

I found that part the most weird one, because “Write Once Run Anywhere” was openly communicated as a non-goal for SwiftUI. It was “Learn Once Apply Anywhere”. SwiftUI is not a cross platform framework and Apple was upfront about this part.

Rich Siegel:

Whether that meant speed, or compactness, or both. Because it mattered. It still does[…] So, when I download an app that I and a lot of my peers use in the ordinary course of getting work done, and I get info on it, and I see that it’s 180MB (Discord), or 400MB (Dropbox), or 200MB (Slack), or 280MB (Skype), and I know it’s a front-end to a web service, well honestly, I cringe, every time.

[…]

I am firmly of the opinion that “cross platform” means that users of each (desktop) platform that the product supports can enjoy a platform-optimized experience which is tuned in both performance/efficiency and UI behavior for the desktop platform on which it is running.

[…]

To me, a successful cross-platform product consists of three layers:

  1. The high-level UI/UX: platform-tuned, natively implemented using the platform-provided native framework.
  2. The “business logic” which is platform-portable by design and intent, and which implements the non-user-facing parts of the product’s feature set;
  3. The bare-metal interface between the business logic and the platform services (file I/O, networking, etc). As with #1 this is platform-tuned and natively implemented using code that is optimized to be as fast and as efficient as possible.

[…]

There’s no reason to buy a Mac if you don’t get to use the unique advantages of the platform (because Electron apps don’t expose them).

Rick Schaut:

As someone who hasn’t forgotten Mac Word 6, I wholly endorse this thread. There are a couple of things I would say differently. His “three layers,” for example. I talk about sandwiches. The OS is two slices of bread; your app is the meat, lettuce and tomato in between.

Erik Schwiebert:

Something like 80% of the size of the Office suite is due to the fact that we can no longer share common elements between related apps. All frameworks, fonts, proofing tools, must be duplicated N times for N apps. Not to mention being required to ship fat^H^H^Huniversal binaries.

And all that is due to policy.

Colin Cornaby:

So, in since I dabble in a lot of cross platform stuff, here’s my thread on all these cross platform framework things going on.

[…]

Management thinks these things look great. In a few weeks you go from nothing to a minimum-viable-product that runs everywhere! Amazing! Why would anyone ever do native development! These frameworks are so fast and economical! It’s amazing!

[…]

So the problem really is that teams can make amazing initial progress, and then have the cross platform tooling work against them more and more as the product grows. This cost isn’t obvious, and typically goes unmeasured by stakeholders who pushed cross platform to begin with.

Thaddeus Ternes:

Without a public platform roadmap that articulates where they’re going, UI toolkit decisions and development time become large risks for businesses.

On Apple platforms, new toolkit features are almost never back-ported. You concede platform capabilities by choosing to support older OSes. When you choose newer toolkits, target audience is limited, and you’re beholden to the grinding annual cadence of surprise changes.

If you choose Electron, you get support for old OSes, modern features, and a clear roadmap of what’s going to be supported when. Businesses need that predictability.

Electron is effectively a means to mitigate development risk (a service quite a few vendors have made good money on for decades).

One might argue that Apple is effectively forcing businesses to use Electron because of their secrecy.

Francisco Tolmasky:

I think the history of tabs serves as a fascinating case study of how Apple’s neglect for its own UI frameworks assisted the rise and acceptance of cross-platform frameworks like @electronjs and the corresponding decline in the importance of “nativeness” and “the HIG”.

[…]

Although Apple had shipped tabs in Safari, developers were left to their own devices to figure out tabs for the individual apps. Critically, this was true both in terms of implementation and behavior. With no AppKit component, there was no strong Apple direction for tabs.

[…]

Apple did eventually end up adding an API for tabs to AppKit, but not until 2017, 12 years after they shipped their first tabs in Safari! By that point, it was more of a pain to convert legacy code than anything, and it wasn’t helped by a woeful lack of documentation.

For a long time, the best resource on how to use AppKit’s tabs was a single WWDC video. And of course, being new, it lacked many of the features existing apps had already implemented. It was too late, now it was a “chore,” not a “feature”, and with little perceived benefit.

What’s important here is that there are two critical components in achieving a consistent OS: the vendor must offer both a strong vision of how things should work, and also provide an easy avenue for making things work that way. Apple has been failing at both on the Mac.

Adam Wiggins:

Developers end up choosing Electron partially because the Mac’s vendor isn’t offering up leadership on how or why you should build native apps for the platform.

Nick Heer:

Years ago, when I was a 1Password user, I remember it being among my favourite apps to use. Who knew that something as boring as a password manager could be fun and beautiful? If a company like 1Password feels like the Mac can share an Electron app with Windows and Linux, that seems like a concerning state of affairs.

[…]

The fact of the matter is that there has never been a good cross-platform framework — not when developers only had to worry about Windows and Mac OS X, and not now when they are trying to cover at least twice as many operating systems. Apple’s attempts — SwiftUI and Catalyst, the latter of which 1Password’s Fey does not mention — have not corrected that problem, and they only cover half of the platforms developers commonly support. When even premiere Mac developers think Electron is the best option they have, it makes me worried.

Colin Cornaby:

I just realized while others are moving to Electron, Apple released a native password manager for Windows [iCloud Keychain Password Manager]

See also:

Update (2021-08-21): Matt Birchler:

All of those are great native Mac apps, but they’re using custom UI elements all over the place. Things has custom everything, Reeder has an iPad-style interface, Craft’s preferences window does not follow macOS conventions, and iStat Menus has some native-ish things with plenty of custom stuff too.

On this week’s ATP episode, Casey Liss referred to 1Password 7 as a “Mac-assed Mac app,” but what part of this UI is using Mac conventions or stock UI? It’s all custom (something Marco did mention).

There are really two different levels here: using a native API and using native (vs. custom) controls and behaviors. Personally, I dislike a lot of the custom stuff, even in apps like 1Password 6 and iStat Menus that are overall good apps. Reeder, to me, looks and feels alien on macOS.

See also: TidBITS Talk.

Update (2021-09-07): Core Intuition (tweet):

Daniel and Manton talk about 1Password’s decision to use Electron for its next major update, and what that says about Apple’s confusing and conflicting platform frameworks. They talk about the continuing role of AppKit as a the only way to achieve many expected macOS behaviors, and wonder if the next-generation standard for desktop apps might actually be a “web technology.”

60 Comments

Are the keyboard shortcuts no longer customizable?

@Uupis I may have missed something, but it seems like they are not.

Kevin Schumacher

Well, this was enough to get me to shut off automatic updates for 1Password.

Unbelievable.

@Uupis That will be added a later date, apparently.

Not customizable, and also there is no way to manage vaults (delete, share, etc) within the 1password app anymore.

Sad day, but I knew this was coming eventually. The fact that it’s an Electron app makes it even less likely I’ll become a subscriber. Been a stand-alone user for 10+ years and will be looking elsewhere. Hopefully there’s another good solution out there.

Yeah, I’m with Kevin — good for them, I guess, but this is enough to push me off. I bought into 1Password a long time ago, but they’ve evolved into a product I’m no longer interested in.

All I want is a simple manager, and the ability to share a login or “vault” with my partner.

I tried the latest beta (8.2.0-44.BETA) on a 16-core Mac Pro, which you'd think would be powerful enough to handle Electron, but nope. It lags when resizing the window. The scrollbar lags when scrolling through the list (and there's no overscroll). Site icons and text all pop into view while you're scrolling because Electron just can't keep up. It's visibly, noticeably slower. I don't understand what the upside of doing this is.

Kevin Schumacher

I've been a subscriber since Families launched in 2016, and was a standalone user prior to that since at least v3. My subscription is up in October, so I have until then to figure out a plan to migrate my family of five users over to...something else. I have no idea what, though.

In the meantime we are not updating our apps past 7.x.

I really, really don't want to give them $48 for another year after this utter betrayal.

Not surprising, but also a bit unfortunate.

For teams, 1P might still be a compelling product. (But is it, though? $8 per user per month on their business plan is kind of a lot when all it does is passwords.) For families, $5/mo for up to five people seems alright. But while uses cases for sharing credentials between family members do exist, even then, a monthly subscription seems like quite an ask to me. What value does 1P keep delivering? They essentially host a sync server, and offer various client apps, with a feature set that mostly already existed a decade ago. What have you been paying for since, exactly?

[ Yet, I can see the business side, too: at some point, you run out of new potential users. And you run out of new useful features to add. If you don't go subscription, how else could you possibly stay afloat? ]

I'm also, of course, not a huge fan of Electron. I begrudgingly use it in Teams, and there are areas where it's… fine, and areas where it's really dumb. Like this new 1P app, Teams's preferences window is a dumb modal that covers the main window. (Similarly, in Teams, if you click on an image someone sent you, it opens in a stupid modal inside the main window. You can't resize it. You can't move it.)

But leave all that aside. I don't want a subscription for a password manager, and I don't want a password manager in Electron, but neither of those is my biggest problem with this story. Instead, it's Apple.

How many more apps need to move to Electron until Apple catches wind of what's going on? When was the last time a new Mac (truly Mac — AppKit, Catalyst, SwiftUI) app delighted you? What compels you when buying a new Mac to think, "well, I could get a Dell, but this Mac has apps x, y, and z, and Windows alternatives are simply worse"?

A decade ago, I found that easy to answer. Apple itself was still heavily invested in first-party consumer and pro apps, from iLife and iWork all the way to Final Cut Pro, Logic Pro, Aperture, Motion, Soundtrack, and others. And cool third-party stuff that seemed uniquely Mac-like or at least done very well on the Mac existed, such as Adium, NetNewsWire, oh and, hey, 1Password.

But now we see many of Apple's own apps either outright killed off or just not as compelling or forward-thinking as they once seemed to be (I still use Numbers, and it's fine, but it doesn't seem to have the innovative drive it did in the 2000s; OTOH, Music, for example, needs a serious overhaul in so many ways). And on the third-party front, the app most people use is the web browser (often: Chrome), many ancillary apps most people use are Electron (IOW: also Chrome). At that point, frankly, why get a Mac? Why not get a Chromebook? Or, if you were waffling on whether you want a Mac or an iPad, why not get the device that sortakinda does both of those OK, and also runs all Windows apps, the Microsoft Surface?

It's painful to read Roustem say that they tried SwiftUI for half a year and stopped. The moment Electron apps started appearing, Craig Federighi should have thought about his elevator pitch on why devs and users alike should still care about the Mac. But when a third-party dev outright says "well, we tried, and frankly, it wasn't that great"? That's no longer yellow alert.

Bye 1Password, macOS keychain, here I come. Side effect: bye Firefox, Safari it is again then.

(Oh, and… I think I'll eventually just move back to iCloud Keychain. Lowers overall resource overhead, has better system integration, costs less, covers most of my needs, and has been gradually improving. Monterey will basically come with a modern take on Keychain Access.)

Old 1Password user

Their on-going "Hide details" policy since the launch of 1Password 7...
This is not about how much their product is solid – Everything what they do, they are not trustworthy anymore, first of all.

Agree with everything Sören, said, but what still feels like a stab in the back is dropping this with happy PR speak, rather than getting out ahead of it with an apologetic tone in a message to the part of their base that they knew would hate this.

I will never understand why companies will drop confetti and streamers around a surprise that breaks an explicit or implicit promise the company made from its inception. Yeah, I know it’s foolish to infer a non-explicit promise from a corporation, but this is the same feeling as all the times new versions of beloved products have broken real promises.

@Lanny: Like all entities subject to competition, corporations make decisions to maximize their success given the incentive structure provided by their environment. If everyone is moving to Electron, then the benefit of building an App based on AppKit is not worth its cost.

The benefit of deploying confetti streamers is that most customers feel they are being cared for. This would not happen with apologies. And the people who are unhappy will probably leave anyway, so there are no benefits to apologizing.

Learn to think psychopathically, and you too will be corporate material!

Wow, this is incredibly disappointing news and it means that I'll need to find another password app. I refuse to use subscription apps wherever possible and given that 1Password 8 will also no longer support Dropbox, that's clinched it for me. I wonder how many long-time users they'll now lose?

I've lived with the subscription model and their relatively high prices, but that's because 1Password has always had first-class Mac and iOS apps. If they switch to Eletron, I don't see why I shouldn't switch to Bitwarden.

I've been using 1Password since v.2, I never got a subscription, since somehow it still works. When it stops working I do not intend to get 1P 8, because by all means it's inferior product.
I can understand why they want to have subscriptions, but passwords is an essential data, and for me it feels wrong to have such kind of data to depend on a subject to payment on time model. Some people feel differently, because a subscription assures them that the essential app will be supported. Yet for me it a wrong incentive.

It was a good run. I am not sure that Apple Keychain can replace it. Bitwarden is not as good either. Feature-wise 1Password 6 was awesome, and all I want is to buy it for various OS. I'd pay $20 per OS (including version), like $20 for iOS 15, but have it supported for that OS for a while. etc.

I couldn't care less about the backend, the fact that the frontend is Electron brings about a whole bunch of usability problems. Forget about opening multiple windows, everything's modal now! None of my accessibility features will work with electron-based apps. Typing is always slower and buggier in electron apps, and they often break support for system-wide settings like languages, shortcuts, formatting and spell-check.

This is a completely bone-headed move and I'm so disappointed after using 1password for so long. I suggest contacting their support team (https://support.1password.com/contact/) to let the know if you feel the same.

Oh, Bitwarden isn't nearly as good as the current version of 1Password... but it does do almost everything, just in clunkier set of apps, but for no money.

If 1Password gives up on app quality I'm going to give up on paying them.

Beatrix Willius

What performance do you need for accessing a minimal amount of data in such a simple app? But I still don't see what they do with the hundreds of developers for a simple app. I'm glad that I switched to Enpass years ago. It's not pretty but it works.

Kevin Schumacher

@Beatrix Willius Thanks for the tip. It's not the most well-designed app I've ever laid eyes on, but I don't think Enpass (on Mac, at least) is ugly by any means. After using it for, like, five minutes, it's a little strange that resizing the middle section on the desktop app (the column listing all your items) has a very small adjustment range, and it's too narrow for my tastes even at its widest.

Beyond that, I intend to keep testing and see how it goes. At $4 a month for families it's exactly what I was paying 1Password, and it covers all the devices I need. I'm not thrilled that I would have to worry about a method of syncing we all have access to and that is not designed for this purpose. We shall see, though.

I'll second Enpass. The app isn't that pretty (appears to be Qt), but its still native (not Electron), multiplatform (unlike Apple's solution), and works well enough.

Most important to me, they are happy to sync through the cloud provider of your choice, including a your own WebDAV server if you have one.

The "lifetime license" pricing has gone through the roof unfortunately (I bought long ago). My hope is this may be a sign they are trying to price it near the real cost of long term support without a subscription model to back it.

They had an AppKit app? Well, there's no future in AppKit. So if you decide to switch to something else, why an Apple-only framework when Electron is good enough? Only picky nerds like us notice or care about the difference.

Reading this thread you’d naturally think 1Password is doomed. But the unfortunate truth is that the vast majority of their users don’t give a rat’s ass whether it’s an AppKit app or an Electron app. They’ll lose some of the folks from here and Daring Fireball but The Wirecutter will still call them the best password manager and they’ll be fine.

I agree with others here that this is another in a string of events that should be triggering a crisis at Apple. I wonder what they’re thinking in Cupertino.

I’m generally pro subscription, but I guess this is one downside. If they relied on upgrade purchases, delivering a worse UI with no benefits just wouldn’t work.

Anyway, the whole reason I’m using 1Password was that it was an indie Mac-first app. I guess neither of that is true anymore.

Yep… the forced move to subscriptions + non-local vaults + Electron is it for me; done with 1Password after a 10+ year run.

Looking into other options, so far Secrets seems decent, even lets you import your data from 1Password:
https://outercorner.com/secrets-mac/

Very sad. I got $20 out of my 1P 6 and 7 licences because I was already a subscriber. Better'n nowt, I suppose, but not the 50% for the first two years on offer.

But what to replace it with? iCloud Keychain has Windows support, but only for Chrome, and anyway it doesn't look like import/export gets you OTP secrets--or does it?

@Sören excellent critique, although in my world "Catalyst" is basically code for "inferior-by-design". As to an excellent app by way of example of how the Mac can still shine, there's Spatterlight. It, and its accessibility support (accessibility is, of course, another important reason to stay native) are making me wonder if a switch back to Windows, which would otherwise be a tolerable if grim endeavour, is possible. Which is ironic, because Interactive Fiction was one of the few things I've long missed on macOS (except in CLI interpreters) and thought I'd be seeing more of on Windows.

Don't forget to fill in this if you want a self-hosted 1Password. iOS doesn't make it easy to use file-based vaults, so I think keeping the door open on 1P is probably still advisable if you want a cross-platform solution besides BitWarden. Any others?

@ Sebby: I was indeed hesitant to include Catalyst among "truly Mac" UI frameworks, but I would wager a Catalyst-based codebase (i.e., taking the iOS app and making that available on the Mac) would still be better than Electron.

I have enougth from 1password. And i also have enougth from all these subscription offers like bitwarden a.s.o.
If any developers like me want to create a free, multiplattform password manager please let me know. My plan is to start something with golang/fyne for easy crosscompile.

Thanks for the reminder to disable auto-updates!

I will be using 1Password 7 as long as it's possible. It's all I need and Wifi sync of my local vaults works perfectly fine. Once it doesn't I'll have to look for a different solution.

I do hope though that the iOS app and the extensions will keep working with 1Password 7 for the time being. It's a shame we can't just pin our iOS apps to a specific version. This shows how user hostile the App Store is in this regard.

Regarding the switch to Electron. I think it's consequential. Once they drop local vaults there is really no benefit to having a native app. It's mostly a web page with offline capabilities and slightly better integration into the OS.

@Steve Yes, I don’t think 1Password is doomed at all. Most customers will be just fine with the new app. I do think this reveals problems with Apple’s strategy/execution if a successful Mac-first app decides it’s better not to be native.

@Geo Secrets looks promising, although the Mac app has a weird iOS-style interface, and it doesn’t seem to support multiple users/sharing.

@Sebby Correct, Apple’s password manager doesn’t import/export OTP. 1Password’s export is also problematic, as I discovered when I tried to migrate away.

Very disappointing they went Electron. It just feels yucky.

I don't mind the subscription, because paying for good sync makes sense to me. But if they are going to an app that is worse and not native, why should I stick with them?

I should note too that I started using 1P back in the version 3 days. This might be it for me.

Would anyone like to comment on Bitwarden or KeePass as an alternative?

I know there are other proprietary alternatives, but these days I'm finding myself valuing apps that allow me to host my own data more and more, and while I used to be down on open source alternatives due to them generally having a worse UX than their commercial competitors, nowadays I find that:

a) Many open source apps have caught up a lot in usability and features, and...

b) I'm so god damn tired of proprietary apps going in the same direction that Dropbox did and 1Password is now clearly going, where the UX and features I care about get dropped as making money for investors takes top priority for the company

It's gotten so bad that I'd rather go through the hassle of dealing with a clumsy open source app than hit the ground running with a commercial app that seems nice at first, only to have it go off the rails after a few years..

I suspect I'll be running Linux instead of macOS before too much longer as well. Big Sur is full of bugs, frustrations, and poor UX.. If it's going to be like that, why not just run Linux and still have all of those things but at least have proper control over how my system operates, like I did with macOS ten years ago?

I really, truly miss how nice it was to use computers back in 2010. I rather doubt we'll return to that level any time in the near future. With any luck it'll happen again in my lifetime.

@Sören You're absolutely right, of course. I shouldn't over-egg it: both are terrible, but an iOS-alike app with similar functionality is clearly preferable. a Gigantic and depressing step off a cliff, of course, but preferable.

I am just very sad about their choices. We have bought and used 1Password since version 3. I could probably live with each of their individual choices. I begrudgingly accepted subscriptions, since I anticipated that they would stop the standalone version. I didn't like moving to their cloud storage, however, it was the only way to seamlessly share passwords with my wife. I heavily dislike Electron apps, but I can sorta see how it makes supporting Linux possible. But each of these changes has been a regression for us, so altogether it feels like they left us early adopters in the cold. To make it worse, their cloud/subscription strategy makes it much harder to move away (what password manager offers sharing, we have to continue to a pay a product we do not like).

However, in the end it does not matter. Mac users who are sensitive to differences between Cocoa and Electron apps are a small minority. Furthermore, they are without competition when it comes to shared vaults, team management, etc. (there is LastPass, but well...) So, they are well-positioned to make serious inroads in the business market. And this is where most potential revenue is. Most consumers are not prepared to pay $36 per year for a password manager (everything is free after all), while for businesses a few dolars per user per month is a minor cost. I can even imagine that businesses prefer the Electron app, since supporting identical apps between Windows, Mac, and Linux is easier.

I think the primary threats to 1Password are browser password management (if one of them supports sharing), SSO, or passwordless authentication (through WebAuthn). But given that most sites do not even offer 2FA, I think the passwordless future is still far away.

Now we have to decide whether to accept this additional regression for personal use as well, or to investigate alternatives.

In a sense, I'm actually glad this happened. I've been a 1Password user for almost 10 years, but over the past couple years, I've lost pretty much all trust in the company and started to regret having evangelized 1Password to so many friends, colleagues, and acquaintances.

There was just too much shady behavior, like the gratuitous use of dark patterns and a ton of dishonest communication (e.g., "We really had to stop offering family standalone licenses; of course not to push people to subscriptions, but because they were just soo confusing! But remember: We love you sooo much!!! Heart emoji, heart emoji, heart emoji!").

Them now claiming the new apps are native when they are actually Electron apps is just another instance of this pattern of dishonesty. The couple hundred millions in VC money they took surely didn't help either to restore my trust in the company.

So for some time now, I've felt very ambivalent about putting my most valuable secrets into an application that's made by a company I no longer consider trustworthy. Them now not just ending the support for local vaults, but also requiring subscriptions and, as a cherry on top, making the apps Electron-based is making it really easy for me to finally make the long overdue switch. I'll also make sure to undo most of the harm I did with the people who I converted to 1Password in the past.

This is absolutely depressing but sadly expected. I've been using 1P for a decade plus and inertia may keep me with them once my standalone v7 stops functioning. I certainly won't upgrade until I'm absolutely forced to.

Does anyone know how to backup the classic extension so I can reinstall it?

I'm going to give Bitwarden a serious look. I wonder how much commercial success Bitwarden needs to have to keep the open source project sustainable.

They've just updated 1Password 7 for Mac on the MAS, adding inter alia touch ID with the new keyboards.

So that's OK. :)

We may well be observing the results of Apple reinventing the wheel, pushing out multiple UI frameworks, plus a new language all at the same time. They have been thrashing on this stuff, and I think it has caused a lot of confusion and cognitive dissonance.

This whole time Apple should have been asking themselves how to make AppKit easier to pick up, and advanced a little more beyond knockout js style bindings system. It seems like Apple set it off into the sunset after the documents/auto save system in Lion. They could have been refining AppKit this whole time and whatever Objective-C might have been if they had simplified it instead of gaslighting developers with an “Objective-C without the c.” I’m absolutely not the first one to point any of this out, either.

In the end, I personally think that 1) Swift will stick, and 2) only AppKit will survive. I feel for what’s eventually coming for the the SwiftUI and Catalyst teams. Microsoft couldn’t even move away from their counterpart (Win32)… after how many attempts?

About switching to Linux… I can say that I have tried in earnest several times on several different distros, including Elementary and Ubuntu. Linux isn’t going to to cut it for desktop computing. It’s messy and it seems like it gets bogged down with cruft after every update. I have started moving to FreeBSD for servers for these same reasons.

1Password has become such a piece of garbage in the past few months. They released an update on Windows which totally broke their browser extension integration sometime in late May or early June, and they won't admit it (instead blaming the customer) despite lots of users reporting the same thing on Reddit, the Chrome Extension website, etc. It was solid for years and now it just won't work 50% of the time when I unlock it. Additionally, when it does unlock it takes between 5-60 seconds when previous versions would unlock instantly (it's not my PC or my ISP). I'm not sure how they could break such a simple piece of software -- must be all the junk they are adding for enterprise users to make their VCs happy.

At this point I don't know what else to use. Seems like Bitwarden is recommended a lot on Reddit, so I guess I'll give that a try.

I’ve moved off 1Password and into Secrets, but am also trying KeePass-based alternatives.

I have a list of the stuff I’ve been trying (and some notes) up at https://taoofmac.com/space/apps/1password if anyone is interested.

(I also know the Secrets developer, who is working on shared vaults, and have tested KeePass with iCloud, so there are multiple workable options out there if you need sharing.)

@ Ben

> This whole time Apple should have been asking themselves how to make AppKit easier to pick up, and advanced a little more beyond knockout js style bindings system.

My understanding is SwiftUI/Combine improves on the binding, etc. story.

It does seem like a missed opportunity that UIKit never had bindings.

>In the end, I personally think that 1) Swift will stick, and 2) only AppKit will survive.

I doubt that. Unfortunately, I worry that all three of AppKit, Catalyst, and SwiftUI will be around for a long time. Maybe they'll figure out a way to merge AppKit and Catalyst into one and the same, but it's not looking good. I expect SwiftUI to always be a higher-level option, rather than the one and only way to do apps. You start with SwiftUI and then mix in AppKit or UIKit bits for more advanced needs.

>I feel for what’s eventually coming for the the SwiftUI and Catalyst teams. Microsoft couldn’t even move away from their counterpart (Win32)… after how many attempts?

It took them eons, but they have been making progress on modernizing their UI frameworks. WinUI basically lets them use the same look and feel as well as technology (XAML) from both C++ apps and .NET apps.

@Rui Carmo: Thank you for this overview. I did not know there was an app for iOS that can handle a KeePass database using a file provider. That's good to know! I'm looking forward to a more complete overview, if that materializes.

After considering my options I think I'll go with a split solution. Bitwarden with vaultwarden sync for logins I need accessible on different devices (iPhone, iPad, possilby Linux or Windows in the future) and a seperate KeePass database for items that are more sensitive and only usefull locally.

My usecase is a little bit easier though because I don't need sharing at the moment. Should this need arise I would be covered by Bitwarden. Although that would probably require a paid license from Bitwarden I suppose.

BTW, KeePass was the first password store I used before switching to 1Password. Back to the roots I guess ;).

I am astonished by the number of people in this thread who would prefer to use an unknown app with native* widgets, instead of a well-known, proven, battle-hardened app with non-native widgets.

I've seen commenters on Reddit say how they won't use it because Electron precludes the use of Touch ID, even though the actual screenshots show Touch ID in action.

I'm struggling to take seriously at people who say input methods in Electron apps are unreliable when Visual Studio Code is today one of the most popular code editors / IDEs in the world.

I'm dumbfounded by the number of people on an ostensibly technical blog that thing 200MB is too much RAM. The uncompressed desktop picture that ships with MacOS takes 125MB or more on most systems, and having a few tabs open in a web-browser -- which is something we all do all day long -- takes over half a gigabyte. In the real world, no-one is parsimonious with memory, and 1Password is never going to be the most RAM-heavy app open in your working day.

There are arguments one can have about Electron, but this drama on display is properly juvenile. The Electron 1Password app looks more native than Apple's Home app for managing HomeKit devices, and more native than Apple Mail which is increasinly a design fossil. It's daft to say their _implementation decision_ somehow reflects on their design consideration.

Accessibility is a valid concern, but I can see Electron apps can enable some accessibility features such as VoiceOver. I'd be curious to see what this is like in practice instead in hypotheticals.

But honestly: if you only care about how your app looks, and not how securely it stores your passwords, why even are you paying for it at all?

I like paying for it in a house with Macs, Windows PCs and Linux PCs, and a pair of iPhones. I would never trust passwords to a closed-source, no-name brand with no proven history.

@Bryan For me, the most important issue is the way it stores passwords. I prefer having more control over syncing and backup with local vaults. I used to be able to run the app without giving it network access. I liked the old 1Password file format that could work even without the app. If I’m going to use a cloud-based solution, I trust Apple’s more.

The Home app is obviously terrible, but at least it uses the right fonts and native controls that respect settings like high-contrast. I don’t understand why you think Apple Mail doesn’t look native.

The implementation decision reflects on the everything. Electron brings in a huge amount of third-party code that they can’t audit. Both the backend and frontend were rewritten using new technologies they had no prior experience with; that’s not necessarily a bad thing, but it’s not the same battle-hardened code. Using Electron suggests that they didn’t understand or don’t care what people (or at least certain people) liked about previous versions of the app. Their dissembling and telling everyone that the app is native (plus hiding what was going on with standalone licenses) calls into question other things the company says. As you say, trust is critical for a password app.

>I'm struggling to take seriously at people who say input methods in Electron apps are unreliable when Visual Studio Code is today one of the most popular code editors / IDEs in the world.

Yeah, but VS Code seems to be the exception rather than the norm.

Teams, for example, is astonishingly slow and buggy with text input. And many basic macOS features are missing. Spelling and grammar? Substitutions? Speech? Services? None of that. You get cut, copy, paste, and you'll like it.

>I'm dumbfounded by the number of people on an ostensibly technical blog that thing 200MB is too much RAM. The uncompressed desktop picture that ships with MacOS takes 125MB or more on most systems, and having a few tabs open in a web-browser -- which is something we all do all day long -- takes over half a gigabyte.

So what? You'll be using this _in addition to_ those browser tabs.

> more native than Apple Mail which is increasinly a design fossil.

Like Michael, I'm not sure what this refers to. I think it's been neglected in terms of modern features, but as far as the UI goes, Mail always seems to get updated with Apple's latest changes to their default Mac look.

>But honestly: if you only care about how your app looks, and not how securely it stores your passwords, why even are you paying for it at all?

This is a false dichotomy.

How much of their purported high percentage of subscriptions vs stand along licenses is because they make it almost impossible to find the stand alone license option? It was very frustrating to find but at least the option existed for version 7.

I don’t mind paying for a subscription. I DO mind being forced to use 1Password.com and no longer being able to have iCloud or DropBox syncing.

I've been lurking here for a very long time. But perhaps I can contribute this time.

Executive summary:

- mSecure for a one-user solution within the Apple ecosystem.
- KeePass open file format with a mix of apps, including MacPass (free MaOS) and Strongbox (paid MacOS and iOS).

I avoided 1Password since forever, mostly because I saw way too much integration into browsers and system. Each integration is another possible open door into those secrets.

For many years, I used mSecure which has both Mac and iOS apps. It's a honest solution, cheap enough, created by a responsive developer. It just worked. Don't rule it out if it fits your needs.

What drove me out was the need to access some passwords on the work computer... running Windows. And then, the ability to share some of the passwords with the family.

Looking for alternatives, I found no obvious solutions. Some alternatives (1Password included) are just too expensive for me, because the money comes out of my personal pocket, and not some company account.

And then I looked again at KeePass. The beauty in KeyPass is the open file format. You are not adopting an app, but rather diving into an ecosystem. You are free to pick and mix whatever works for the situation, including command-line tools or Python libraries that should work everywhere for the foreseeable future.

My picks were MacPass on the Mac and Strongbox on iOS, with vaults shared through Dropbox (for the moment) bit secured a password and with local keys (meaning the Dropbox files and a password are not enough).

MacPass is open source and has proved to be good enough for my needs. You can install it with brew.

Strongbox is a more expensive Mac and iOS application, with both subscription and one-time licenses. I have been using the unpaid version in iOS, which I found reliable and regularly updated. I will eventually buy it.

And I really like that Strongbox supports "merging" of KeePass vaults, which can be updated in several ways including sftp, meaning that I could drop Dropbox.

PS: Thanks @mjtsai for hosting all of this, and the collaborative filtering that you share.

I never used local vaults since the subscription service became available (I subscribed on day 1), so losing that doesn't impact me. That said, I know it really impacts others that depend on local vaults for various workflows and/or security concerns. It's frustrating they are charging the same and offering less for those users. And of course, it is frustrating they are charging the same price for an app that won't be "Mac-assed" anymore. There is zero evidence that is possible to build a "Mac-assed" electron app, since no one has ever done it successfully.

What worries me is there is still zero info, after many people requesting it, on how 1Password is going to build their Mac Electron app. Are they going to take the time and effort to make it as "Mac-assed" as they can (within the constraints of Electron), setting the new gold standard for Electron apps to follow? Or are we going to be stuck with another so-so (or worse) Electron app.

The early access UI wise has some promise, but many of the ugly warts of Electron are still visible. Part of me wants to trust they will get this right, given their history, but the history of Electron is not on their side.

I'm with @Bryan. YMMV but I at least can't see what all the fuss is all about.

I've been a 1Password user since 2009 and moved to a subscription when they first came out. Unless I find out otherwise, I don't have a concern about the security of storing my data online - there have been no issues as far as I know unlike (say) LastPass. I value the convenience of having all my devices supported and in sync and also - for me - my family having easy access in the event anything happens to me.

Yes, the frontend is Electron - I just installed it and I can live with it. It's slower in some respects (e.g. scrolling) compared to the previous native app but I don't care. It's a password manager and not a program something I spend most of the day in.

https://www.sciencedirect.com/science/article/pii/S2667295221000040#!

“Combining the features of client-side and server-side applications, the Electron applications possess a completely different security posture. The attacks typical for front-end applications can now be escalated to the back-end attacks, for example, making a cross-site scripting result in a remote code execution on the user’s machine.”

“…the Chromium rendering engine used inside Electron does not have all the same safeguards as a fully-featured Google Chrome browser. Thus, some protections, like executing JavaScript in a sandbox and maintaining trust zones between the browser and the OS, may not be available to the client-side code running as part of an Electron application.”

https://www.electronjs.org/docs/tutorial/security

“When working with Electron, it is important to understand that Electron is not a web browser. It allows you to build feature-rich desktop applications with familiar web technologies, but your code wields much greater power. JavaScript can access the filesystem, user shell, and more. This allows you to build high quality native applications, but the inherent security risks scale with the additional powers granted to your code.

“With that in mind, be aware that displaying arbitrary content from untrusted sources poses a severe security risk that Electron is not intended to handle. … if your application executes code from an online source, it is your responsibility to ensure that the code is not malicious.”

“It is important to remember that the security of your Electron application is the result of the overall security of the framework foundation (Chromium, Node.js), Electron itself, all NPM dependencies and your code. As such, it is your responsibility to follow a few important best practices…”

Also, VSCode hasn’t been mentioned in this thread but it does seem to raise the issue of https://dl.acm.org/doi/10.1145/358198.358210

I cancelled 1Password today, especially after seeing that they were charging me $60/year. For some reason I thought it was half that. It's just not worth it for me to pay for software that basically quit working reliably 3 months ago anyway. It's sad to see their quality go downhill. I switched to Bitwarden and it seems basically the same, except free.

[…] Roundup of 1Password 8 for Mac Early Access […]

"I find AgileBits’s decision-making process incredibly sad."

If you find AgileBits's decision-making sad, remember that it was Apple -- one of the most well capitalized companies in the world -- that didn't deem it important to deliver SwiftUI on Mac in a timely fashion.

This is all on Apple. AgileBits simply read Apple's actions, not its words.

The trend toward cross-platform tools and frameworks is not going to decrease. Will Apple adapt or resist? (I think we all know the answer.)

And, btw, so much pearl-clutching about a password manager because it scrolls a little slower?

fwiw, various implementations of keepass (db hosted on Google Drive) work really well for me across my Macs and Android devices.

@Bryan But it's precisely that it's how it works, not how it looks which gives people concern about electron. Ironically (again) the special-casing in Windows screen readers possibly means that the experience with VoiceOver will be inferior regardless of the fact that web technologies have historically required a great deal of attention to make accessible to the same extent (because historically interfaces to web browser engines have been highly document-centric). I would try it, to make sure, only both the app and the Safari extension want 10.15 or higher at minimum and I'm still on Mojave. Oh, well. That it is the future seems to be beyond doubt at this stage. Jordan Rose (quoted above) captures it well. The Windows version 7 is usable, but the browser extension is distinctly unpleasant (the "Classic" approach is no more). It is up in the air, but I'm not optimistic.

I am looking at the KeePass ecosystem. MacPass seems very promising, as does KeePassium.

Maybe AgileBits should wait with version 8, an Electron/web application. Just keep version 7 a little longer. It is by far the best password manager for macOS.

And for the people suggesting using Bitwarden or KeePass: Bitwarden is an Electron application too and KeePass uses the generic Qt framework.

@Orie MacPass is native Cocoa; I too cannot use QT apps.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment