Years ago I bought 1Password via a one off payment and set it up to sync via my iCloud Drive. It all worked great. Then they took VC investment and quickly every new feature was locked behind a subscription gate. I switched to Bitwarden. Then they took VC investment and I’m sure will end up down the same path (and you could never use a third party storage service with BW AFAIK). A password manager’s remote storage doesn’t need to be anything other than a safely encrypted SQLite file, you ought to be able to save it anywhere.
I think everyone should have a good password manager in 2024 and non tech inclined folks shouldn’t have to battle with upsells and spammy notifications as a price for being secure. If that means they’re using Apple’s offering, so be it.
I don't know if Apple Passwords will be a perfect fit for me, I'm hoping someone shares a deep dive on the product soon because I'm not in a position to use the beta, but I'm happy to see some more competition in the space.
There is a little bit of subtlety to this https://www.cs.ox.ac.uk/files/6487/pwvault.pdf
And it's not that big a deal to occasionally copy a password onto a Linux or Windows device, or better yet, use the iPhone to authenticate for it.
You can run your own BW server, or at least you could as of a few years ago. It's not well documented, but it was doable. The only reason I don't use BW is because the iOS app doesn't locally cache passwords, and I didn't want to open up my home network or set up a VPN just for a bitwarden server.
KeePass was a great bit of software but managing the vault syncing myself and having to wait for (and trust) the third-party Firefox extension to update was tiresome. For about a buck a month, LP was a pretty good deal and handled all of that overhead for me.
I eventually moved to 1Password and it's still what I recommend to most people. $45CAD a year is a pittance for how often I use it. The app and extensions are always up to date, they "just work" even for my 70 year old father. At $12CAD a year, Bitwarden is pretty damn reasonable too.
I don't get the hand-wringing when it comes to reasonably priced services. Development and infrastructure costs money. Yes, a power user can manage everything entirely with free software and a portable sqlite db but that isn't sensible approach for the vast majority of people.
I've been using it for nearly 20 years and it's been going down hill fast for the last 5, but 1Password 8 is an absolute clown car. It hijacks your passkey logins meaning that authenticating with Tailscale for me has gone from a single touch of the TouchID button on my Mac, to 1) click button that says "Unlock 1Password", 2) Click it again because it did fuck all the first time, 3) hit the global hotkey for 1Password, 4) open 1Password via Alfred because the hotkey has decided to stop working again, 5) touch the TouchID button to unlock 1Password, 6) switch back to the browser to find that my Tailscale auth has timed out, 7) back to iTerm to initiate the auth again, 8) if I'm lucky, I can now touch the TouchID button to use my Apple passkey, if I'm not, it's back to step 1.
I'd challenge anyone to name an app that has been ruined more by VC money than 1Password.
https://support.apple.com/guide/iphone/share-passwords-iphe6...
I’m with you on 1P. I bought every version starting in 2009, until the constant push to subscribe made me stop. The part their VCs should be afraid of is that switching took about 5 minutes (export + import) and the only change I noticed is that everything is faster. That moat is a trickle of water (I hope it’s water) and they’ve annoyed a lot of the people who used to be telling their friends and family to buy it.
I'm sure 1Password doesn't care one iota about loosing individual users with attitudes like this. Until the forced to a monthly rent seeking hand in my pocket policy was deployed, I had been a vocal advocate for 1Pass. Now, they're about to loose me altogether
I felt that way on principle for a long time, but honestly, on reflection, 1P is probably subscription that is most justifiable. I want to outsource online security to people that know what they are doing. I want that to be a viable business for a long time into the future. And I want their funding model to be such that their interests are aligned with those of their paying users (me).
People can get so irrational when it comes to the cost of software. The same person who'd pay hundreds of dollars for a cleaner, or a gym membership, will swear up and down that 70 bucks a year for an online bodyguard is highway robbery.
It would be. Fortunately, 1Password doesn’t do that [1].
You’re paying for an important piece of software to be maintained.
> I'm sure 1Password doesn't care one iota about loosing individual users with attitudes like this
Probably not. Emphasis on attitude.
Strongly disagree that they're part of the group of SaaS companies trying to price gouge their users.
I’m finding most of the friction with 1Password I run into is actually Apple competing for autofill in Safari creating two completely different UIs above every form element.
The other issue I have is Safari Home apps not supporting extensions so you can only use Safari’s built in manager. I think that’s fixed in Sequoia.
I agree regarding 1pass, but at least it's still firmly trying to solve the password management problem. Apple is trying to solve the vendor lock-in problem (i.e. how can they lock more users in to their platform).
Every other password manager I have tried has had continuous churn, nothing consistent after a couple years.
I have passwords for accounts in my Apple keychain that have survived more than decade and about half a dozen different devices, to internal servers that have been dead for a decade.
The only new thing here is opening it up to more platforms.
Besides just working as expected, it importantly supports self-hosting. I don't currently make use of that, but have given it a try and it's great as well.
Having alternatives to the SaaS (currently very reasonably priced) is invaluable.
https://1password.community/discussion/128524/add-options-to...
Seriously, this is the kind of thing that an intern could knock out in a week. I don’t understand why it hasn’t been addressed.
> The Passwords app is free to download, available across iOS 18, iPadOS 18, and MacOS 15, and will also work with the Vision Pro and Windows computers, says Apple.
The other major password managers are on Linux, and Apple will need to support Linux for this new offering to be interesting to me.
Of the major tech companies, Apple probably has the worst track record of not playing nice with other platforms, walled gardens and all. Passwords are needed on all platforms. Apple would be the last company I would trust to ensure that I would be able to access my passwords anywhere I may need them.
I still really hate the iOS-restyled system prefs. Tiny unresizable text, a long vertical scroll. I can’t find a damn thing in it and just use the search bar every time and feel faintly annoyed about it.
Hopefully Adobe won’t decide to start shitting a bunch of authorization credentials into private Notes the way they took over the Private Notes section of Keychain.
But my biggest one is wanting to store secure files. Think copies of a drivers license, signed documents or various certs and keys. That's not being covered here either for me sadly. It's not a super common situation for me so I can probably find an alternative app for that purpose.
Edit: Also for notes, I'd just password protect something in the Notes app. But that's just me.
I frankly just have photos of DL and insurance cards in my photos with tags to make finding them easy. Although note with the text searchable images that’s largely not even needed.
I don’t get what the security concern in. My photo reel is way more secure than my actual wallet.
I have a soft spot in my heart for `pass` (http://www.passwordstore.org/), but it's a pain to access it from my phone.
I use BW for all my personal stuff because my wife and I use it.
If your phone is android, I'd recommend https://passwordstore.app/ plus syncthing :-)
Glad they're splitting it out of System Settings into a dedicated app.
I've also started migrating family members to it. It'll be way easier for the less technical people since it's already tightly integrated in the devices and OS they use everyday.
The autocomplete attribute supports nearly everything you can imagine. Check this for a full list[2].
[1] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/In...
[2] https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes...
I will NEVER understand this one. Do they want me to pick a shitty password? I'm not gong to type a string of of 20 mixed-case and special characters into a private text box on my phone. It always takes 3 or 4 tries to even get it right.
There's not much else to add: it just worked. I wish all "lock in" were that open.
It's fantastic, and for some reason I trust OS/browser developers to do this more safely than a company focused on password management that has to figure out OS APIs, write browser extensions, or rely on a clipboard that has nearly unbounded read access.
and where do you store your passwords for apps?
[1] https://gist.github.com/jftuga/0265e5403d56373662b9513d8816e...
Keepass is the closest I've ever felt to just having a wallet for my passwords. It should be ratified as a standard, so we can make Google and Apple provide "Export to Keepass" buttons in their apps.
Check Passlane here (I’m the author of it): https://github.com/anssip/passlane
https://x.com/blader/status/1800263787746066646
"apple sherlocked 1Password today, so i'd like to remind you that your Apple ID is only as secure as your carrier.
if you have 2FA on and get SIM swapped, attackers can lock you out of it PERMANENTLY.
last month it happened to me. make sure it doesn't happen to you: "
Getting locked out of all my passwords would be pretty disastrous. Did Apple announce a change to the account lockout procedure as well?
I constantly have issues with it not engaging on a form where I have to manually switch to 1pw, though it has gotten a bit better over the years.
I hate to see a company/product get sherlocked but I don't feel like password security was something we should need to have a subscription for.
Whenever I do a password change, I have to do it on my phone, so that the new one will be stored. But that is fine with me. I’m happy to do that in exchange for being freed from “password managers”.
Really no big difference, you’re still technically using a password manager.
Also you can access those passwords on Mac as well, it’s in settings just as you would find it in your phone. No need to copy from your phone and paste it, Mac can autofill. It can also autofill on other browsers through the dedicated right click menu, but it’s a bit more clunky than on Safari.
Fun fact, those same passwords can be accessed on windows now, install iCloud for windows and enable passwords. It uses a dedicated app on Windows.
I also enable keychain sync on my Mac so I can create passwords there too.
Right now for instance I have a Personal profile, and a few work specific ones around admin, development, and my day-to-day work to split things off easily. I have 1Password unlocked in one profile and it works in that, but if I switch to any other profile it needs to be unlocked, then it tells me it needs to reload the extension. Reloading it doesn't do anything but break it again. I have to fully quit Safari then it works again for some unknown amount of time then falls apart completely soon after (probably laptop sleep or something like that).
Just a shitshow all around from 1Password anymore. How the mighty have fallen due to profits and investors.
My current workaround is to use Orion as my browser. Its profiles are clunkier than safari and don't exist on iOS (but I don't care about that)
Something I’d really like: let my iPhone act as a Bluetooth (obviously encryption will be necessary!) or USB keyboard, and have it hold my passwords/type them. That way I could keep my passwords all in one place, and manage them locally. Currently I use keepass when not on iOS, which is fine, but I don’t really want to have to expose my whole passwords file to a Windows machine, since they are traditionally infested with malware (and apparently MS is flirting with including their own first party malware).
I investigated the bluetooth encryption and it didn't really seem up to the task. You could create a dongle that lived on wifi though that would do the same.
A dedicated device would be nice and, actually, keeping your passwords on something that never even has to touch the internet would be ideal. But my phone already has a nice big touchscreen to make it easier to pick a password. Reusing an old device could work but that’s limited.
I tried out passwords, and combined with Safari, it's an absolute godsend compared to 1Password. That does mean that I switched from Brave to Safari, and thus have YouTube ads, and so I'm now paying for YouTube haha
This isn't my experience since the recent update that shows up a mini-login panel when trying to sign in. The old experience that opened the desktop app first was fairly slow.
I don’t want to switch from 1pass if I can’t set 2 or 3 separate webdomains for an account as I find this to be the most annoying feature of apple passwords, when a website has a separate register page from it’s login pages. In 1pass you can just delete the subdomain and add domains. Apple doesn’t allow you to edit at all :(
Whereas with 1Password I use a separate app to CREATE a new Login file for an app/website/anything. I can save that file with as much or a little information filled out as desired. Can create arbitrary info files for Passports, library membership cards, etc. I know the information for each is forever stored exactly as I created it, always syncing, never overwritten when I type in a different password and accidentally hit "save" in a webform.
I hope the new Apple Passwords app is more like the later; if so I would switch.
My main reason not to use it is because I guess not going to work as well with firefox desktop?
If it were just me, I'd be tempted to just switch everything over. My wife is smart, and technically competent, but isn't interested in switching to new things until the pain points are too much. If I want to move to a new app or a new service, it can't be on a whim of mine, and it can't just be because I want to see what the new features are like.
I have been working on solving password management as a local-first, cross-platform, open-source application[1]. It's a bit rough around the edges still (no browser extension yet!) but is worth trying as an alternative. Any feedback would be much appreciated!
The app is designed for zero vendor lock-in (after all this is our most sensitive data) and a self-hosted server is part of the design. We aim to make money offering a cloud platform for syncing and social recovery (digital inheritance) and eventually would like to also function as a Dropbox/Keybase alternative.
We will be releasing the open-source SDK[2] soon.
All comments or suggestions welcome.
[1]: https://saveoursecrets.com [2]: https://docs.rs/sos-sdk/latest/sos_sdk/
A lot of people seem to be acting like this is a really big deal. Is it cause it’s available on windows now?
I guess Apple just wants it to be more obvious that hey, you have a password manager already.
They took VC funding to pivot to enterprise, anticipating that OS vendors would integrate basic password management features (what most of their usage at the time) into the OS.
So the consumer experience has been de-prioritized. I will not be renewing my 1Password subscription.
Bitwarden has been lagging in implementing any consumer features for some years now (custom item types has been on the roadmap for six years and is still not done). Except for secure notes in Bitwarden, I don’t think you’d miss anything else in this app. Bitwarden is spending money and focus on the enterprise, just like 1Password has been. For the consumer segment, neither of these are good enough now.
This is actually the reason why I like Bitwarden. They don't seem to be constantly trying to push unwanted features on me. I've always been a fan of the first "rule" of the Unix Philosophy: do one thing well.
But it might make other people who don't use a password manager start using one.
I love my mac and I love my pixel phone but sometimes being a Mac + Android user just sucks.
Passwords are saved on your device.
Curious to see how this ends up impacting competitor's businesses or not though! If Apple gives themselves access to a bunch of integrations and APIs no one else can that sounds like they would be abusing their monopoly power...
I use 1pass across all platforms.
There are groups that can do that coercion (eg. US and CPC governments), and there may be support staff et all in Apple that can get the same access.
For the same reason, I was unhappy that Keychain.app is auto synced to iCloud (and as per a past thread, even if you disabled it it may be reset).
So, of course, I don't have to use their app. Except that I suspect it will be built into the OS in a way that makes it hard to avoid, such as Keychain.
I would love it if there was a way I could setup my self-hosted BitWarden instance to be as integrated as Keychain is, and not use Apple or Google for passwords.
Apple was part of the PRISM program, we know they gave access to our data for mass spying.
I always end up looking in the Keychain app to be sure to find what I'm looking for, but I dislike that app because it often takes several password entries to get to see a password.
I assume the Passwords section of System Settings is only pulling up a subset of these, but I haven't upgraded macOS on my personal laptop in a long time (I'm on 12.4), so can't verify easily.
Is the reason for fewer security breaches perhaps that the data wasn't as valuable to attackers (until now) ?
It may be my own ineptitude, but I won’t use it again.
Also if those two apps didn't have a product feature map way ahead of apple then they were doomed from the get go. They must have known something like this was a significant business threat if not existential risk...
I'm a bit nervous after hearing about people having early adopter issues.
Hopefully there is some sort of fallback if something extreme like a house fire manages to destroy all of your personal devices at once.
This is already addressed and has been since Apple first launched support for passkeys. See the “Recovery security” section of the “About the security of passkeys” support document here: https://support.apple.com/en-us/102195
If anything 1password has proved to me that an Electron application can eventually be pretty seamless. I have been very impressed in MacOS and Firefox.
How will apple protect all of your password data in this case?
Will the setup allow for an additional password to prevent hackers from gaining access?
+ Can't beat convenience.
+ Cross platform
+/- free if you don't need mobile version
- Closed source
(no affiliation)
+ cross-platform
+ free as in beer
+ free and open-source software
Can't really comment on convenience, I moved from LastPass, but it has worked well for me.
Only have to memorize 2-3 strings and more secure than a password manager since there's no third party in the loop.
Password Managers are a huge man-in-the-middle and liability in other regards (e.g. you don't have it present on a given device or on hand).
SSO from a single set of credentials is a much better solution. Multi-factor biometrics even better (outside of PII sensitivities)
1. It's now easier to access passwords on the mac because you no longer are forced to use Safari to view passwords, nor have to sort through the technical entries/certificates in Keychain Access.
2. The app surfaces a prominently positioned button for one-click sharing and exporting of passkeys/passwords, whereas existing methods significantly lack in comparison.
3. It's the opposite of lock in to consolidate all types of passwords into a single consumer-level interface, when the alternative was hunting for them across the various apps and system panels.
4. It works with iCloud for Windows for cross platform support. Which also means you don't need a mac to participate in shared password groups.
I only use 1Password instead of native because I needed something that worked on Windows. Will need to see how well that works, but I just don't see a personal reason why I would not just use this when it works so much better on my iOS devices.
It's the same reason I don't trust Google with all my picture or documents. At any point in time their algos can flag your account for wrong reasons and that's the end of your digital life.
There is still a place for password managers, but if I'm the LastPass CEO, writing is on the wall with this announcement... They will see a large exodus of customers that use Apple OS.
You have a completely free choice to use 1password, BitWarden, KeePass etc ..... Apple is not stopping you.
Forcing all browsers on iOS to use Safari is a different matter.
I don't trust 'Passwords'.
These are the reasons why I don't use Apple products despite the great hardware.
https://support.apple.com/guide/security/icloud-keychain-sec...
Safari? Not on Windows.
Apple Music? This actually has a Windows client. I'm not sure how good it is. But Spotify supports Windows and even Linux.
Apple Password Manager? Will this be tied to iCloud? Will I be able to use it on Android? If I no longer have an iPhone will it be a pain to maintain and use?
A dog cannot serve two masters. A company like Apple doesn't see any of these things as a product. They're a means to an end: to push the iPhone platform (and hardware sales). That priority will always trump the interests of a product like this.
It's also why I refuse to buy more into Google products: it's too much of a risk to lose access to everything if Google wakes up one day and decides to suspend your account with no recourse other than making enough of a stink on social media such that an employee will actually look into it.
People don't want everything tied to one identity, one service, one login.
I think this is exactly what _most_ people want.
With password management specifically, Apple has had a Chrome extension available for a while now which has allowed me to use it on other browsers/platforms. Not ideal, but good enough for most.
On top of that, they don't lock you in with passwords. You can easily import and export your passwords, just like you can with 1Password.
Apple Music has had a web client for a long time. iTunes has been on Windows for 20+ years and Apple Music was supported via that until recently when they built an Apple Music specific app.
Now that many sites are moving to passkeys or TOTPs, it would be great if Apple could not lock users in there as well.
> Apple has had a Chrome extension available for a while now which has allowed me to use it on other browsers/platforms
That's only on Windows and requires you to install iCloud tools locally, right?
This is what they think they want, until something happens and they are forced to move out of the walled garden, and have to replace everything.
But, admittedly, that's Apple's bread and butter, and they've managed to avoid big controversy so far...
https://cider.sh exists and is in various distro package managers already too.
> I think this is exactly what _most_ people want.
Until they don't, which always happens sooner than you would think.
Yes, and they should have it. As open source software that a free market of hosting companies can compete on price and quality for. Not as closed source software hosting by a Big Tech oligopoly.
You should be able to host your info on a server of your choice, encrypted end-to-end from your devices. That server is the one which should collect payments, manage subscriptions, do access control checks, and deliver data to others. That server is the one which should send notifications and push news updates to your devices as well as subscribers’ devices. You should always be able to migrate easily to another server, or use several at once, as fallbacks.
People have learned helplessness (“oh I wish Twitter would add feature X”, “oh, I guess we all have to get a Google Plus account”, “oh, sucks that Google Plus and all my data and social connections there are going away”) because open source developers didn’t stick around long enough to make something that is good enough to compete with it, and is decentralized and federated.
I can count on one hand: Mastodon. Bluesky.
I am working on fixing it: https://github.com/Qbix/Platform
Larger vision for 2025 and later: https://qbix.com/ecosystem
I see many comments replying to the above statement, and I am no exception.. what about the saying that goes: "Don't put all your eggs in one basket"?
I couldn't agree more. I use Google's password manager because (1) it syncs everything (2) I already use Chrome everywhere (3) I can't be arsed to set up another password manager that is generally inferior in terms of integration.
I don't care for the FOSS argument. I just want stuff to work and work easily.
Plus, I sincerely believe Google is 'too big to fail'. If somehow Google gets hacked and my plain text passwords all get leaked, it means something huge has happened and we're all massively screwed anyway. So, whatever.
Like seven people replied to say this, but they're all missing the trick.
Most people want this because they're guided to want it. If you show people the convenience but not the risk, of course they want something with an advantage and no apparent disadvantage. But the disadvantage exists, it's just not immediately obvious.
Then some corporate machine learning algorithm decides that it's your day to have a bad year, or the screws only get tightened after you're already locked in, and the regret comes some time after the decision is made.
Whereas the nerds who can see the inside of the machine are aware that this sort of thing happens and their response is no thank you. A starkly different preference from the people paying the most attention is a troubling sign. It's the early stages of this:
The thing that gets me is that people then defend the practice because it's likely to be successful. Lots of unsophisticated people are going to put all their eggs in one basket and then have a bad time, which is a result we should be trying to prevent, not defend the people causing it because they're likely to turn a profit. Companies making money on information asymmetries and the misfortune of others is a flaw we should be looking for ways to optimize out.
No. Please stop being speaker for most of the whole world.
There are people, including me or my wife who is not technical at all, who will never use anything similar from Apple. Or any similar SSO/access/security platform. Google and FB tried that decade+ ago, only fools fell for that regretful trap if the service has actually any long term added value.
This is EXACTLY what people want. Please remember that HN is not a cross section of the general public.
Yup. I need to constantly keep that in mind, when I’m designing my software.
Very often, the fact that I like it, is a negative.
You made the same mistake as the person you're refuting, only worse because you added "exactly" as if case closed.
Here's another take: "People" want different things. They listen to different music, have different opinions, buy different cars, have different tolerances of when a car needs washing.
My non-technical Mum refuses to use online banking; my non-technical Dad loves online banking. My non-techie sister loves issuing verbal commands to her smart speaker; my non-techie Mum refuses to speak to devices & switches her TV off at the wall every night.
The only "EXACTLY" is in marketing efforts trying to convince you of that state.
I don’t see why that would be a big problem for Apple.
As this article explains, this isn’t new functionality. It’s (mostly) a new UI for existing functionality, to make the hardware they sell and make lots of money on more attractive.
Apple has tried various approaches of surfacing this functionality (eg the passwords panel in Safari and again in iOS’s settings app). This just seems to be the app-agnostic way of providing this functionality to everyday users, and probably a good thing as platforms move away from passwords.
No, it's not Apple's problem, let alone be a big problem. Apple does not like to provide services for free on other platforms and isn't even very good at doing it for paid services. This passwords app is meant for those who use and depend on Apple's ecosystem, not as a generic competition for other password managers.
I would immediately leave Windows in the dust if gaming was equally supported on macOS. Maybe in the future, let's see. For enterprise work, MS365 is also really central and it's basically not possible to work without Excel, PowerPoint, Outlook and Teams even if you personally prefer other software (I don't). They're fine on macOS or the web interface but clearly neutered in comparison to Windows native.
There's a difference between Google's products and Google's services. You can use either one without the other. I am a happy user of Google hardware, and am even happier to be almost entirely extricated from their services.
You'd be surprised. People want a neat solution so they don't have to deal with multiple nuissances.
They worry less about vendor lock-in (if they even understand the issue unless it's bitten them, and then they can consider the costs of switching as totally normal and expected, similar to how they just go find app replacements for platform-exclusive software).
Which is also only available for Windows, as far as I know.
This is what OAuth attempts to do, and most users and devs I know like it.
I'm well aware of the risks of putting all eggs into one basket. I'm already doing it with 1Pass (albeit with external MFA for some sites), so I see no difference with letting Apple manage it.
Counterpoint from an interesting source:
https://gist.github.com/nckroy/dd2d4dfc86f7d13045ad715377b6a...
People literally want everything tied to one identity, service, and login. You are almost totally wrong. People do sometimes want to switch to something new when they feel what they've bought into hasn't met their expectations or has fallen behind in innovation. And guess what? Apple in very limited ways actually locks people into things like passwords, files, photos, notes etc. Their entire ecosystem is pretty easy to migrate away from, I've done it several times. Theres an import/export tool for most everything.
After this year you probably can't even say they are locking people into their ecosystem with iMessage.
An Android app would be nice as well, but I doubt that many people use both iOS and Android devices[1] (or concern themselves whether they will be able to switch platforms easily).
[1] Android devices as in devices where password manager is desired, not as in 3 Billion Devices Run Java
A company does things for the sake of profit.
Of course, I'm talking about, for example, work environments where you may be stuck with a Windows PC, or have to use a corporate-owned Android device for your phone...
It is absolute garbage, but luckily the legacy integration in iTunes for windows still (sort of) works.
So I'm not sure how many people will actually use this just because of this friction.
Branding a solution as Apple isn't a guarantee of success. If it were, we'd still have Safari for Windows.
Some software should just be considered "done" and never changed again. 1Password is one of those things.
What is your experience exactly?
Another data point: my 85 year old mother used to have issues with 7. She'd get confused about things. With 8, it's been clear sailing for her. That's pretty impressive to me.
You can still use the standalone 1Password 6…
Plus a nice UI for handling OTP, notes, credit cards, IDs, bank accounts, etc, it's easily worth the annual price for me.
Bitwarden still fails to correctly identify basic username/password fields, but 1Password gets it right every single time.
On topic, as a primarily Linux user I'm not in the target market for this (or any other Apple products or services really) and that's fine.
there is more, too lazy to write
What exactly is wrong with paying $10 per year for a well done product?
When it comes to a password manager, I appreciate having constant access to updates. That isn’t feasible for one-and-done code.
That said, it’s 1Password’s bugginess that will have me looking at Apple’s offering. (Particularly how it performs on non-Safari browsers, e.g. Orion and Firefox.)
It seems nuts to me that you expect someone to provide you a service for free?
https://en.wikipedia.org/wiki/LastPass#2022_customer_data_an...
2017: Design flaws in LastPass two factor authentication. http://www.martinvigo.com/design-flaws-lastpass-2fa-implemen...
2016: More LastPass security vulnerabilities. https://palant.de/2016/09/16/more-last-pass-security-vulnera...
2015: Even the LastPass will be stolen. http://www.martinvigo.com/even-the-lastpass-will-be-stolen-d...
If I understand:
Attackers got access to LastPass's account data backups directly and in bulk. 2FA doesn't help here.
While LastPass since increased their password rounds for new accounts to 100k+, many users especially long-time users had them set well below and never updated. Reports of 5000 rounds, 500 rounds, ... even 1 round.
URLs were not encrypted. If you had sensitive URLs, I think you have to treat them as compromised. If you had crypto exchange logins or high-value URLs, I'd imagine you might attract extra attention.
[edit for typos].
The article text mentions 1Password as the first listed PWM product.
As mentioned in another news article on the topic:
> It also syncs with PCs via the iCloud for Windows app.
* https://www.theverge.com/2024/6/10/24175505/apple-password-a...
and in the keynote itself:
If the Family Sharing aspects are well done I'd happily say goodbye to my 1Password subscription.
Regardless, I’ve been using it for years now. Works fine. Better UI will be nice assuming this doesn’t come with a bunch of updates that somehow manage to make it work less-well.
I mean, why else would Apple invest in something like this. They became the richest company in the world by increasing lock-in in every step.
The new SSH key manager feature is an example of something Apple's unlikely to address for years, if ever. https://developer.1password.com/docs/ssh/manage-keys/
I switched to iCloud Passwords a few months ago and I'm very happy with the product. Looks like this Passwords app is a nice new GUI over the top of that same database.
1P has some wonderful work-oriented features we use constantly. I don't like the direction it's going for personal stuff.
It's almost double the price per user so my company switched to Bitwarden.
We're a Mac shop and if Apple can make it even more affordable then we would definitely consider switching again.
1Password saves the key itself in the encrypted vault and implements an SSH agent that can then interact with OpenSSH etc. and provide key operations, like how a physical dongle would function.
