1Password 8 for Mac Early Access

Are the keyboard shortcuts no longer customizable?

@Uupis I may have missed something, but it seems like they are not.

Well, this was enough to get me to shut off automatic updates for 1Password.

Unbelievable.

@Uupis That will be added a later date, apparently.

Not customizable, and also there is no way to manage vaults (delete, share, etc) within the 1password app anymore.

Sad day, but I knew this was coming eventually. The fact that it’s an Electron app makes it even less likely I’ll become a subscriber. Been a stand-alone user for 10+ years and will be looking elsewhere. Hopefully there’s another good solution out there.

Yeah, I’m with Kevin — good for them, I guess, but this is enough to push me off. I bought into 1Password a long time ago, but they’ve evolved into a product I’m no longer interested in.

All I want is a simple manager, and the ability to share a login or “vault” with my partner.

I tried the latest beta (8.2.0-44.BETA) on a 16-core Mac Pro, which you'd think would be powerful enough to handle Electron, but nope. It lags when resizing the window. The scrollbar lags when scrolling through the list (and there's no overscroll). Site icons and text all pop into view while you're scrolling because Electron just can't keep up. It's visibly, noticeably slower. I don't understand what the upside of doing this is.

I've been a subscriber since Families launched in 2016, and was a standalone user prior to that since at least v3. My subscription is up in October, so I have until then to figure out a plan to migrate my family of five users over to...something else. I have no idea what, though.

In the meantime we are not updating our apps past 7.x.

I really, really don't want to give them $48 for another year after this utter betrayal.

Not surprising, but also a bit unfortunate.

For teams, 1P might still be a compelling product. (But is it, though? $8 per user per month on their business plan is kind of a lot when all it does is passwords.) For families, $5/mo for up to five people seems alright. But while uses cases for sharing credentials between family members do exist, even then, a monthly subscription seems like quite an ask to me. What value does 1P keep delivering? They essentially host a sync server, and offer various client apps, with a feature set that mostly already existed a decade ago. What have you been paying for since, exactly?

[ Yet, I can see the business side, too: at some point, you run out of new potential users. And you run out of new useful features to add. If you don't go subscription, how else could you possibly stay afloat? ]

I'm also, of course, not a huge fan of Electron. I begrudgingly use it in Teams, and there are areas where it's… fine, and areas where it's really dumb. Like this new 1P app, Teams's preferences window is a dumb modal that covers the main window. (Similarly, in Teams, if you click on an image someone sent you, it opens in a stupid modal inside the main window. You can't resize it. You can't move it.)

But leave all that aside. I don't want a subscription for a password manager, and I don't want a password manager in Electron, but neither of those is my biggest problem with this story. Instead, it's Apple.

How many more apps need to move to Electron until Apple catches wind of what's going on? When was the last time a new Mac (truly Mac — AppKit, Catalyst, SwiftUI) app delighted you? What compels you when buying a new Mac to think, "well, I could get a Dell, but this Mac has apps x, y, and z, and Windows alternatives are simply worse"?

A decade ago, I found that easy to answer. Apple itself was still heavily invested in first-party consumer and pro apps, from iLife and iWork all the way to Final Cut Pro, Logic Pro, Aperture, Motion, Soundtrack, and others. And cool third-party stuff that seemed uniquely Mac-like or at least done very well on the Mac existed, such as Adium, NetNewsWire, oh and, hey, 1Password.

But now we see many of Apple's own apps either outright killed off or just not as compelling or forward-thinking as they once seemed to be (I still use Numbers, and it's fine, but it doesn't seem to have the innovative drive it did in the 2000s; OTOH, Music, for example, needs a serious overhaul in so many ways). And on the third-party front, the app most people use is the web browser (often: Chrome), many ancillary apps most people use are Electron (IOW: also Chrome). At that point, frankly, why get a Mac? Why not get a Chromebook? Or, if you were waffling on whether you want a Mac or an iPad, why not get the device that sortakinda does both of those OK, and also runs all Windows apps, the Microsoft Surface?

It's painful to read Roustem say that they tried SwiftUI for half a year and stopped. The moment Electron apps started appearing, Craig Federighi should have thought about his elevator pitch on why devs and users alike should still care about the Mac. But when a third-party dev outright says "well, we tried, and frankly, it wasn't that great"? That's no longer yellow alert.

Bye 1Password, macOS keychain, here I come. Side effect: bye Firefox, Safari it is again then.

(Oh, and… I think I'll eventually just move back to iCloud Keychain. Lowers overall resource overhead, has better system integration, costs less, covers most of my needs, and has been gradually improving. Monterey will basically come with a modern take on Keychain Access.)

Their on-going "Hide details" policy since the launch of 1Password 7...
This is not about how much their product is solid – Everything what they do, they are not trustworthy anymore, first of all.

Agree with everything Sören, said, but what still feels like a stab in the back is dropping this with happy PR speak, rather than getting out ahead of it with an apologetic tone in a message to the part of their base that they knew would hate this.

I will never understand why companies will drop confetti and streamers around a surprise that breaks an explicit or implicit promise the company made from its inception. Yeah, I know it’s foolish to infer a non-explicit promise from a corporation, but this is the same feeling as all the times new versions of beloved products have broken real promises.

@Lanny: Like all entities subject to competition, corporations make decisions to maximize their success given the incentive structure provided by their environment. If everyone is moving to Electron, then the benefit of building an App based on AppKit is not worth its cost.

The benefit of deploying confetti streamers is that most customers feel they are being cared for. This would not happen with apologies. And the people who are unhappy will probably leave anyway, so there are no benefits to apologizing.

Learn to think psychopathically, and you too will be corporate material!

Wow, this is incredibly disappointing news and it means that I'll need to find another password app. I refuse to use subscription apps wherever possible and given that 1Password 8 will also no longer support Dropbox, that's clinched it for me. I wonder how many long-time users they'll now lose?

I've lived with the subscription model and their relatively high prices, but that's because 1Password has always had first-class Mac and iOS apps. If they switch to Eletron, I don't see why I shouldn't switch to Bitwarden.

I've been using 1Password since v.2, I never got a subscription, since somehow it still works. When it stops working I do not intend to get 1P 8, because by all means it's inferior product.
I can understand why they want to have subscriptions, but passwords is an essential data, and for me it feels wrong to have such kind of data to depend on a subject to payment on time model. Some people feel differently, because a subscription assures them that the essential app will be supported. Yet for me it a wrong incentive.

It was a good run. I am not sure that Apple Keychain can replace it. Bitwarden is not as good either. Feature-wise 1Password 6 was awesome, and all I want is to buy it for various OS. I'd pay $20 per OS (including version), like $20 for iOS 15, but have it supported for that OS for a while. etc.

I couldn't care less about the backend, the fact that the frontend is Electron brings about a whole bunch of usability problems. Forget about opening multiple windows, everything's modal now! None of my accessibility features will work with electron-based apps. Typing is always slower and buggier in electron apps, and they often break support for system-wide settings like languages, shortcuts, formatting and spell-check.

This is a completely bone-headed move and I'm so disappointed after using 1password for so long. I suggest contacting their support team (https://support.1password.com/contact/) to let the know if you feel the same.

Oh, Bitwarden isn't nearly as good as the current version of 1Password... but it does do almost everything, just in clunkier set of apps, but for no money.

If 1Password gives up on app quality I'm going to give up on paying them.

What performance do you need for accessing a minimal amount of data in such a simple app? But I still don't see what they do with the hundreds of developers for a simple app. I'm glad that I switched to Enpass years ago. It's not pretty but it works.

@Beatrix Willius Thanks for the tip. It's not the most well-designed app I've ever laid eyes on, but I don't think Enpass (on Mac, at least) is ugly by any means. After using it for, like, five minutes, it's a little strange that resizing the middle section on the desktop app (the column listing all your items) has a very small adjustment range, and it's too narrow for my tastes even at its widest.

Beyond that, I intend to keep testing and see how it goes. At $4 a month for families it's exactly what I was paying 1Password, and it covers all the devices I need. I'm not thrilled that I would have to worry about a method of syncing we all have access to and that is not designed for this purpose. We shall see, though.

I'll second Enpass. The app isn't that pretty (appears to be Qt), but its still native (not Electron), multiplatform (unlike Apple's solution), and works well enough.

Most important to me, they are happy to sync through the cloud provider of your choice, including a your own WebDAV server if you have one.

The "lifetime license" pricing has gone through the roof unfortunately (I bought long ago). My hope is this may be a sign they are trying to price it near the real cost of long term support without a subscription model to back it.

They had an AppKit app? Well, there's no future in AppKit. So if you decide to switch to something else, why an Apple-only framework when Electron is good enough? Only picky nerds like us notice or care about the difference.

Reading this thread you’d naturally think 1Password is doomed. But the unfortunate truth is that the vast majority of their users don’t give a rat’s ass whether it’s an AppKit app or an Electron app. They’ll lose some of the folks from here and Daring Fireball but The Wirecutter will still call them the best password manager and they’ll be fine.

I agree with others here that this is another in a string of events that should be triggering a crisis at Apple. I wonder what they’re thinking in Cupertino.

I’m generally pro subscription, but I guess this is one downside. If they relied on upgrade purchases, delivering a worse UI with no benefits just wouldn’t work.

Anyway, the whole reason I’m using 1Password was that it was an indie Mac-first app. I guess neither of that is true anymore.

Yep… the forced move to subscriptions + non-local vaults + Electron is it for me; done with 1Password after a 10+ year run.

Looking into other options, so far Secrets seems decent, even lets you import your data from 1Password:
https://outercorner.com/secrets-mac/

Very sad. I got $20 out of my 1P 6 and 7 licences because I was already a subscriber. Better'n nowt, I suppose, but not the 50% for the first two years on offer.

But what to replace it with? iCloud Keychain has Windows support, but only for Chrome, and anyway it doesn't look like import/export gets you OTP secrets--or does it?

@Sören excellent critique, although in my world "Catalyst" is basically code for "inferior-by-design". As to an excellent app by way of example of how the Mac can still shine, there's Spatterlight. It, and its accessibility support (accessibility is, of course, another important reason to stay native) are making me wonder if a switch back to Windows, which would otherwise be a tolerable if grim endeavour, is possible. Which is ironic, because Interactive Fiction was one of the few things I've long missed on macOS (except in CLI interpreters) and thought I'd be seeing more of on Windows.

Don't forget to fill in this if you want a self-hosted 1Password. iOS doesn't make it easy to use file-based vaults, so I think keeping the door open on 1P is probably still advisable if you want a cross-platform solution besides BitWarden. Any others?

@ Sebby: I was indeed hesitant to include Catalyst among "truly Mac" UI frameworks, but I would wager a Catalyst-based codebase (i.e., taking the iOS app and making that available on the Mac) would still be better than Electron.

I have enougth from 1password. And i also have enougth from all these subscription offers like bitwarden a.s.o.
If any developers like me want to create a free, multiplattform password manager please let me know. My plan is to start something with golang/fyne for easy crosscompile.

Thanks for the reminder to disable auto-updates!

I will be using 1Password 7 as long as it's possible. It's all I need and Wifi sync of my local vaults works perfectly fine. Once it doesn't I'll have to look for a different solution.

I do hope though that the iOS app and the extensions will keep working with 1Password 7 for the time being. It's a shame we can't just pin our iOS apps to a specific version. This shows how user hostile the App Store is in this regard.

Regarding the switch to Electron. I think it's consequential. Once they drop local vaults there is really no benefit to having a native app. It's mostly a web page with offline capabilities and slightly better integration into the OS.

@Steve Yes, I don’t think 1Password is doomed at all. Most customers will be just fine with the new app. I do think this reveals problems with Apple’s strategy/execution if a successful Mac-first app decides it’s better not to be native.

@Geo Secrets looks promising, although the Mac app has a weird iOS-style interface, and it doesn’t seem to support multiple users/sharing.

@Sebby Correct, Apple’s password manager doesn’t import/export OTP. 1Password’s export is also problematic, as I discovered when I tried to migrate away.

Very disappointing they went Electron. It just feels yucky.

I don't mind the subscription, because paying for good sync makes sense to me. But if they are going to an app that is worse and not native, why should I stick with them?

I should note too that I started using 1P back in the version 3 days. This might be it for me.

Would anyone like to comment on Bitwarden or KeePass as an alternative?

I know there are other proprietary alternatives, but these days I'm finding myself valuing apps that allow me to host my own data more and more, and while I used to be down on open source alternatives due to them generally having a worse UX than their commercial competitors, nowadays I find that:

a) Many open source apps have caught up a lot in usability and features, and...

b) I'm so god damn tired of proprietary apps going in the same direction that Dropbox did and 1Password is now clearly going, where the UX and features I care about get dropped as making money for investors takes top priority for the company

It's gotten so bad that I'd rather go through the hassle of dealing with a clumsy open source app than hit the ground running with a commercial app that seems nice at first, only to have it go off the rails after a few years..

I suspect I'll be running Linux instead of macOS before too much longer as well. Big Sur is full of bugs, frustrations, and poor UX.. If it's going to be like that, why not just run Linux and still have all of those things but at least have proper control over how my system operates, like I did with macOS ten years ago?

I really, truly miss how nice it was to use computers back in 2010. I rather doubt we'll return to that level any time in the near future. With any luck it'll happen again in my lifetime.

@Sören You're absolutely right, of course. I shouldn't over-egg it: both are terrible, but an iOS-alike app with similar functionality is clearly preferable. a Gigantic and depressing step off a cliff, of course, but preferable.

I am just very sad about their choices. We have bought and used 1Password since version 3. I could probably live with each of their individual choices. I begrudgingly accepted subscriptions, since I anticipated that they would stop the standalone version. I didn't like moving to their cloud storage, however, it was the only way to seamlessly share passwords with my wife. I heavily dislike Electron apps, but I can sorta see how it makes supporting Linux possible. But each of these changes has been a regression for us, so altogether it feels like they left us early adopters in the cold. To make it worse, their cloud/subscription strategy makes it much harder to move away (what password manager offers sharing, we have to continue to a pay a product we do not like).

However, in the end it does not matter. Mac users who are sensitive to differences between Cocoa and Electron apps are a small minority. Furthermore, they are without competition when it comes to shared vaults, team management, etc. (there is LastPass, but well...) So, they are well-positioned to make serious inroads in the business market. And this is where most potential revenue is. Most consumers are not prepared to pay $36 per year for a password manager (everything is free after all), while for businesses a few dolars per user per month is a minor cost. I can even imagine that businesses prefer the Electron app, since supporting identical apps between Windows, Mac, and Linux is easier.

I think the primary threats to 1Password are browser password management (if one of them supports sharing), SSO, or passwordless authentication (through WebAuthn). But given that most sites do not even offer 2FA, I think the passwordless future is still far away.

Now we have to decide whether to accept this additional regression for personal use as well, or to investigate alternatives.

In a sense, I'm actually glad this happened. I've been a 1Password user for almost 10 years, but over the past couple years, I've lost pretty much all trust in the company and started to regret having evangelized 1Password to so many friends, colleagues, and acquaintances.

There was just too much shady behavior, like the gratuitous use of dark patterns and a ton of dishonest communication (e.g., "We really had to stop offering family standalone licenses; of course not to push people to subscriptions, but because they were just soo confusing! But remember: We love you sooo much!!! Heart emoji, heart emoji, heart emoji!").

Them now claiming the new apps are native when they are actually Electron apps is just another instance of this pattern of dishonesty. The couple hundred millions in VC money they took surely didn't help either to restore my trust in the company.

So for some time now, I've felt very ambivalent about putting my most valuable secrets into an application that's made by a company I no longer consider trustworthy. Them now not just ending the support for local vaults, but also requiring subscriptions and, as a cherry on top, making the apps Electron-based is making it really easy for me to finally make the long overdue switch. I'll also make sure to undo most of the harm I did with the people who I converted to 1Password in the past.

This is absolutely depressing but sadly expected. I've been using 1P for a decade plus and inertia may keep me with them once my standalone v7 stops functioning. I certainly won't upgrade until I'm absolutely forced to.

Does anyone know how to backup the classic extension so I can reinstall it?

I'm going to give Bitwarden a serious look. I wonder how much commercial success Bitwarden needs to have to keep the open source project sustainable.

They've just updated 1Password 7 for Mac on the MAS, adding inter alia touch ID with the new keyboards.

So that's OK. :)

We may well be observing the results of Apple reinventing the wheel, pushing out multiple UI frameworks, plus a new language all at the same time. They have been thrashing on this stuff, and I think it has caused a lot of confusion and cognitive dissonance.

This whole time Apple should have been asking themselves how to make AppKit easier to pick up, and advanced a little more beyond knockout js style bindings system. It seems like Apple set it off into the sunset after the documents/auto save system in Lion. They could have been refining AppKit this whole time and whatever Objective-C might have been if they had simplified it instead of gaslighting developers with an “Objective-C without the c.” I’m absolutely not the first one to point any of this out, either.

In the end, I personally think that 1) Swift will stick, and 2) only AppKit will survive. I feel for what’s eventually coming for the the SwiftUI and Catalyst teams. Microsoft couldn’t even move away from their counterpart (Win32)… after how many attempts?

About switching to Linux… I can say that I have tried in earnest several times on several different distros, including Elementary and Ubuntu. Linux isn’t going to to cut it for desktop computing. It’s messy and it seems like it gets bogged down with cruft after every update. I have started moving to FreeBSD for servers for these same reasons.

1Password has become such a piece of garbage in the past few months. They released an update on Windows which totally broke their browser extension integration sometime in late May or early June, and they won't admit it (instead blaming the customer) despite lots of users reporting the same thing on Reddit, the Chrome Extension website, etc. It was solid for years and now it just won't work 50% of the time when I unlock it. Additionally, when it does unlock it takes between 5-60 seconds when previous versions would unlock instantly (it's not my PC or my ISP). I'm not sure how they could break such a simple piece of software -- must be all the junk they are adding for enterprise users to make their VCs happy.

At this point I don't know what else to use. Seems like Bitwarden is recommended a lot on Reddit, so I guess I'll give that a try.

I’ve moved off 1Password and into Secrets, but am also trying KeePass-based alternatives.

I have a list of the stuff I’ve been trying (and some notes) up at https://taoofmac.com/space/apps/1password if anyone is interested.

(I also know the Secrets developer, who is working on shared vaults, and have tested KeePass with iCloud, so there are multiple workable options out there if you need sharing.)

@ Ben

> This whole time Apple should have been asking themselves how to make AppKit easier to pick up, and advanced a little more beyond knockout js style bindings system.

My understanding is SwiftUI/Combine improves on the binding, etc. story.

It does seem like a missed opportunity that UIKit never had bindings.

>In the end, I personally think that 1) Swift will stick, and 2) only AppKit will survive.

I doubt that. Unfortunately, I worry that all three of AppKit, Catalyst, and SwiftUI will be around for a long time. Maybe they'll figure out a way to merge AppKit and Catalyst into one and the same, but it's not looking good. I expect SwiftUI to always be a higher-level option, rather than the one and only way to do apps. You start with SwiftUI and then mix in AppKit or UIKit bits for more advanced needs.

>I feel for what’s eventually coming for the the SwiftUI and Catalyst teams. Microsoft couldn’t even move away from their counterpart (Win32)… after how many attempts?

It took them eons, but they have been making progress on modernizing their UI frameworks. WinUI basically lets them use the same look and feel as well as technology (XAML) from both C++ apps and .NET apps.

@Rui Carmo: Thank you for this overview. I did not know there was an app for iOS that can handle a KeePass database using a file provider. That's good to know! I'm looking forward to a more complete overview, if that materializes.

After considering my options I think I'll go with a split solution. Bitwarden with vaultwarden sync for logins I need accessible on different devices (iPhone, iPad, possilby Linux or Windows in the future) and a seperate KeePass database for items that are more sensitive and only usefull locally.

My usecase is a little bit easier though because I don't need sharing at the moment. Should this need arise I would be covered by Bitwarden. Although that would probably require a paid license from Bitwarden I suppose.

BTW, KeePass was the first password store I used before switching to 1Password. Back to the roots I guess ;).

I am astonished by the number of people in this thread who would prefer to use an unknown app with native* widgets, instead of a well-known, proven, battle-hardened app with non-native widgets.

I've seen commenters on Reddit say how they won't use it because Electron precludes the use of Touch ID, even though the actual screenshots show Touch ID in action.

I'm struggling to take seriously at people who say input methods in Electron apps are unreliable when Visual Studio Code is today one of the most popular code editors / IDEs in the world.

I'm dumbfounded by the number of people on an ostensibly technical blog that thing 200MB is too much RAM. The uncompressed desktop picture that ships with MacOS takes 125MB or more on most systems, and having a few tabs open in a web-browser -- which is something we all do all day long -- takes over half a gigabyte. In the real world, no-one is parsimonious with memory, and 1Password is never going to be the most RAM-heavy app open in your working day.

There are arguments one can have about Electron, but this drama on display is properly juvenile. The Electron 1Password app looks more native than Apple's Home app for managing HomeKit devices, and more native than Apple Mail which is increasinly a design fossil. It's daft to say their _implementation decision_ somehow reflects on their design consideration.

Accessibility is a valid concern, but I can see Electron apps can enable some accessibility features such as VoiceOver. I'd be curious to see what this is like in practice instead in hypotheticals.

But honestly: if you only care about how your app looks, and not how securely it stores your passwords, why even are you paying for it at all?

I like paying for it in a house with Macs, Windows PCs and Linux PCs, and a pair of iPhones. I would never trust passwords to a closed-source, no-name brand with no proven history.

@Bryan For me, the most important issue is the way it stores passwords. I prefer having more control over syncing and backup with local vaults. I used to be able to run the app without giving it network access. I liked the old 1Password file format that could work even without the app. If I’m going to use a cloud-based solution, I trust Apple’s more.

The Home app is obviously terrible, but at least it uses the right fonts and native controls that respect settings like high-contrast. I don’t understand why you think Apple Mail doesn’t look native.

The implementation decision reflects on the everything. Electron brings in a huge amount of third-party code that they can’t audit. Both the backend and frontend were rewritten using new technologies they had no prior experience with; that’s not necessarily a bad thing, but it’s not the same battle-hardened code. Using Electron suggests that they didn’t understand or don’t care what people (or at least certain people) liked about previous versions of the app. Their dissembling and telling everyone that the app is native (plus hiding what was going on with standalone licenses) calls into question other things the company says. As you say, trust is critical for a password app.

>I'm struggling to take seriously at people who say input methods in Electron apps are unreliable when Visual Studio Code is today one of the most popular code editors / IDEs in the world.

Yeah, but VS Code seems to be the exception rather than the norm.

Teams, for example, is astonishingly slow and buggy with text input. And many basic macOS features are missing. Spelling and grammar? Substitutions? Speech? Services? None of that. You get cut, copy, paste, and you'll like it.

>I'm dumbfounded by the number of people on an ostensibly technical blog that thing 200MB is too much RAM. The uncompressed desktop picture that ships with MacOS takes 125MB or more on most systems, and having a few tabs open in a web-browser -- which is something we all do all day long -- takes over half a gigabyte.

So what? You'll be using this _in addition to_ those browser tabs.

> more native than Apple Mail which is increasinly a design fossil.

Like Michael, I'm not sure what this refers to. I think it's been neglected in terms of modern features, but as far as the UI goes, Mail always seems to get updated with Apple's latest changes to their default Mac look.

>But honestly: if you only care about how your app looks, and not how securely it stores your passwords, why even are you paying for it at all?

This is a false dichotomy.

How much of their purported high percentage of subscriptions vs stand along licenses is because they make it almost impossible to find the stand alone license option? It was very frustrating to find but at least the option existed for version 7.

I don’t mind paying for a subscription. I DO mind being forced to use 1Password.com and no longer being able to have iCloud or DropBox syncing.

I've been lurking here for a very long time. But perhaps I can contribute this time.

Executive summary:

- mSecure for a one-user solution within the Apple ecosystem.
- KeePass open file format with a mix of apps, including MacPass (free MaOS) and Strongbox (paid MacOS and iOS).

I avoided 1Password since forever, mostly because I saw way too much integration into browsers and system. Each integration is another possible open door into those secrets.

For many years, I used mSecure which has both Mac and iOS apps. It's a honest solution, cheap enough, created by a responsive developer. It just worked. Don't rule it out if it fits your needs.

What drove me out was the need to access some passwords on the work computer... running Windows. And then, the ability to share some of the passwords with the family.

Looking for alternatives, I found no obvious solutions. Some alternatives (1Password included) are just too expensive for me, because the money comes out of my personal pocket, and not some company account.

And then I looked again at KeePass. The beauty in KeyPass is the open file format. You are not adopting an app, but rather diving into an ecosystem. You are free to pick and mix whatever works for the situation, including command-line tools or Python libraries that should work everywhere for the foreseeable future.

My picks were MacPass on the Mac and Strongbox on iOS, with vaults shared through Dropbox (for the moment) bit secured a password and with local keys (meaning the Dropbox files and a password are not enough).

MacPass is open source and has proved to be good enough for my needs. You can install it with brew.

Strongbox is a more expensive Mac and iOS application, with both subscription and one-time licenses. I have been using the unpaid version in iOS, which I found reliable and regularly updated. I will eventually buy it.

And I really like that Strongbox supports "merging" of KeePass vaults, which can be updated in several ways including sftp, meaning that I could drop Dropbox.

PS: Thanks @mjtsai for hosting all of this, and the collaborative filtering that you share.

I never used local vaults since the subscription service became available (I subscribed on day 1), so losing that doesn't impact me. That said, I know it really impacts others that depend on local vaults for various workflows and/or security concerns. It's frustrating they are charging the same and offering less for those users. And of course, it is frustrating they are charging the same price for an app that won't be "Mac-assed" anymore. There is zero evidence that is possible to build a "Mac-assed" electron app, since no one has ever done it successfully.

What worries me is there is still zero info, after many people requesting it, on how 1Password is going to build their Mac Electron app. Are they going to take the time and effort to make it as "Mac-assed" as they can (within the constraints of Electron), setting the new gold standard for Electron apps to follow? Or are we going to be stuck with another so-so (or worse) Electron app.

The early access UI wise has some promise, but many of the ugly warts of Electron are still visible. Part of me wants to trust they will get this right, given their history, but the history of Electron is not on their side.

I'm with @Bryan. YMMV but I at least can't see what all the fuss is all about.

I've been a 1Password user since 2009 and moved to a subscription when they first came out. Unless I find out otherwise, I don't have a concern about the security of storing my data online - there have been no issues as far as I know unlike (say) LastPass. I value the convenience of having all my devices supported and in sync and also - for me - my family having easy access in the event anything happens to me.

Yes, the frontend is Electron - I just installed it and I can live with it. It's slower in some respects (e.g. scrolling) compared to the previous native app but I don't care. It's a password manager and not a program something I spend most of the day in.

https://www.sciencedirect.com/science/article/pii/S2667295221000040#!

“Combining the features of client-side and server-side applications, the Electron applications possess a completely different security posture. The attacks typical for front-end applications can now be escalated to the back-end attacks, for example, making a cross-site scripting result in a remote code execution on the user’s machine.”

“…the Chromium rendering engine used inside Electron does not have all the same safeguards as a fully-featured Google Chrome browser. Thus, some protections, like executing JavaScript in a sandbox and maintaining trust zones between the browser and the OS, may not be available to the client-side code running as part of an Electron application.”

https://www.electronjs.org/docs/tutorial/security

“When working with Electron, it is important to understand that Electron is not a web browser. It allows you to build feature-rich desktop applications with familiar web technologies, but your code wields much greater power. JavaScript can access the filesystem, user shell, and more. This allows you to build high quality native applications, but the inherent security risks scale with the additional powers granted to your code.

“With that in mind, be aware that displaying arbitrary content from untrusted sources poses a severe security risk that Electron is not intended to handle. … if your application executes code from an online source, it is your responsibility to ensure that the code is not malicious.”

…

“It is important to remember that the security of your Electron application is the result of the overall security of the framework foundation (Chromium, Node.js), Electron itself, all NPM dependencies and your code. As such, it is your responsibility to follow a few important best practices…”

Also, VSCode hasn’t been mentioned in this thread but it does seem to raise the issue of https://dl.acm.org/doi/10.1145/358198.358210

I cancelled 1Password today, especially after seeing that they were charging me $60/year. For some reason I thought it was half that. It's just not worth it for me to pay for software that basically quit working reliably 3 months ago anyway. It's sad to see their quality go downhill. I switched to Bitwarden and it seems basically the same, except free.

[…] Roundup of 1Password 8 for Mac Early Access […]

"I find AgileBits’s decision-making process incredibly sad."

If you find AgileBits's decision-making sad, remember that it was Apple -- one of the most well capitalized companies in the world -- that didn't deem it important to deliver SwiftUI on Mac in a timely fashion.

This is all on Apple. AgileBits simply read Apple's actions, not its words.

The trend toward cross-platform tools and frameworks is not going to decrease. Will Apple adapt or resist? (I think we all know the answer.)

And, btw, so much pearl-clutching about a password manager because it scrolls a little slower?

fwiw, various implementations of keepass (db hosted on Google Drive) work really well for me across my Macs and Android devices.

@Bryan But it's precisely that it's how it works, not how it looks which gives people concern about electron. Ironically (again) the special-casing in Windows screen readers possibly means that the experience with VoiceOver will be inferior regardless of the fact that web technologies have historically required a great deal of attention to make accessible to the same extent (because historically interfaces to web browser engines have been highly document-centric). I would try it, to make sure, only both the app and the Safari extension want 10.15 or higher at minimum and I'm still on Mojave. Oh, well. That it is the future seems to be beyond doubt at this stage. Jordan Rose (quoted above) captures it well. The Windows version 7 is usable, but the browser extension is distinctly unpleasant (the "Classic" approach is no more). It is up in the air, but I'm not optimistic.

I am looking at the KeePass ecosystem. MacPass seems very promising, as does KeePassium.

Maybe AgileBits should wait with version 8, an Electron/web application. Just keep version 7 a little longer. It is by far the best password manager for macOS.

And for the people suggesting using Bitwarden or KeePass: Bitwarden is an Electron application too and KeePass uses the generic Qt framework.

@Orie MacPass is native Cocoa; I too cannot use QT apps.

If it really only works via subscription, I will no longer use the program and look around at competitors.