
I've been a paying subscriber to 1Password for over two years now and had the standalone version for years before that, and the way they responded in that thread really rubbed me the wrong way. Enough that maybe I'm going to start looking for other options. Maybe I'm just in a bad mood?

The OP just wanted to know if the feature was gone, and if so when did it get removed (maybe to find an archived version of the app?), and lastly why it wasn't clearly communicated, but you can just smell the smug in the responses. It's hard for me to read their little "cute" emoji as anything but sarcastic, which is reinforced by one of the developers chiming in about how they must be asking to "make their mobile apps free" and the other guy talking about how with so many users anything they do will of course be found out.



Likewise. I've been a long-time user, and currently a subscriber, but I've just found the direction 1P is heading, and the way AgileBits communicate a lot of this to be frustrating.

It's difficult to explain, but every time something like this comes up their responses frequently seem "off" and tone deaf.

I'm not sure they understand how much their product can become a part of how people go about their daily life, and how changing that, no matter how small, can have pretty significant effects, with an accompanying emotional response.

A while back they changed the way their vaults worked and you had to upgrade them. I've never been more nervous about an update to anything than I was with that update. The way the software communicated what was going to happen really didn't help, and there was a real feeling that this could all go horribly wrong.

Something I respect from Basecamp is their commitment to keeping their old products around (and keeping them maintained, even if they get no new features). They understand that they become a part of people's lives, and you mess that up at your peril. "Sunsetting" products or features has an impact on your customers that you need to be prepared for.

For reasons that are difficult to articulate I just don't trust AgileBits to not completely bugger up things for me in some way by changing something that they regard as unimportant, but to me is significant.

Even to me, this feels like I'm probably overreacting, but my passwords and online identities are so important that even the smallest hint of untrustworthiness is unnerving. The impact of losing all those details would be massive.


Yep, I feel the same way. The responses went downhill really quickly. I only just jumped back onto the MacOS bandwagon and was looking at resubscribing (I've had an awesome experience with their email customer support reps in the past which brought me back) but if this is how the public facing side of the development team acts... yikes.

I'll be much more open to alternatives now than I would have been yesterday.


I'm on the Catalina beta and the Safari Extension for 1Password 6 doesn't work (Apple only allows extensions from the App Store starting with Safari 13 - so it's not really AgileBits' fault).

I chose to migrate to storing everything in iCloud Keychain instead. I understand why companies want to move to the subscription model, but I can't justify spending $36/year for an app to store my passwords.


The problem with iCloud keychain for me is that I don't only use Apple devices, otherwise it might do the trick (except for TOTP 2FA stuff).

I'm trying Bitwarden now and it seems to be ok. Maybe it's time for a change.


As a user that made the switch to Bitwarden the last time 1Password tried their shift to the membership-only options some 1-2 years ago, it is an excellent replacement. I do miss some better search / sorting functionality, but otherwise this works great with a local server that I maintain for keeping my Mac, Ubuntu, Windows and Android devices in sync.


Bitwarden costs only, what is it, 10 or 12 USD a year. LastPass costs 24 USD, and 1Password 36 USD. If you need 2FA. If you don't need 2FA then it doesn't cost as much, but I think you still have a device limit.

Bitwarden's clients are FOSS. There's a 3rd party FOSS server for it available written in Ruby. So you could even self-host.

[EDIT: there's one written in Rust as well! [1] [2]]

[1] https://github.com/jcs/rubywarden

[2] https://github.com/dani-garcia/bitwarden_rs


You can also self-host the original server, it's under AGPL[0]. I'm using this atm, and yes, I pay for the organization feature, though I could easily adjust the code to unlock it. It just doesn't feel right (same goes for the 3rd party FOSS server). But that's just me.

[0]: https://github.com/bitwarden/server


IIRC, LastPass increased to $36/yr which made me switch to Bitwarden. $10/yr with better functionality and UX


That would be a good option if they supported all of their clients equally, but the developer has pretty much said that he's not going to update the extension to support Safari 13. As a Safari user, it's not a good option.


Does Bitwarden support "family" use-cases, where you share passwords between multiple accounts?


Yes. Family plan is just $1/month for 5 users and self-hosting as an option.

The free tier supports 2 users sharing.


> The problem with iCloud keychain for me is that I don't only use Apple devices

If I ever need to sign into something on a non-Apple OS, I look up the desired iCloud Keychain-stored password on my iPhone, then manually retype it on the other device.

I feel that gives me extra security.


>...that gives me extra security

Actually, manually typing or pasting your password (assuming you aren’t using WebAuthn) opens you up to phishing attacks because you could be fooled by the URL, whereas password managers and hardware tokens will activate only for the associated domain.
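
The domain binding described in the comment above, as an added example that is not part of the original thread and not any password manager's actual code: a fill decision keyed on the page's parsed origin, run over lookalike addresses a person retyping a password could miss. The vault entry, the hostnames and the `credentialFor` / `fillDecisions` helpers are constructed for illustration, and exact-origin matching is an assumption of this sketch.

```javascript
// Added illustration. The vault entry, hostnames and URLs below are constructed
// sample data; exact-origin matching is an assumption made for this sketch.
const vault = new Map([
  ["https://accounts.example.com", { username: "alice", password: "constructed-secret" }],
]);

// Return the saved login only when the page's origin equals the saved origin.
function credentialFor(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // never fill over plaintext HTTP
  // url.origin is scheme + host + port after WHATWG normalisation: userinfo is
  // dropped, the host is lower-cased, non-ASCII labels become punycode.
  return vault.get(url.origin) ?? null;
}

// Addresses a person retyping a password might accept at a glance.
const lookalikes = [
  "https://accounts.example.com.login.test/signin", // real name as a subdomain prefix
  "https://accounts.example.com@login.test/signin", // real name in the userinfo part
  "https://accounts.exampIe.com/signin",            // capital I instead of lowercase l
  "https://accounts.ex\u0430mple.com/signin",       // Cyrillic U+0430 instead of Latin "a"
  "http://accounts.example.com/signin",             // right host, no TLS
];

// Map every address to whether the manager would offer to fill on it.
function fillDecisions(urls) {
  return urls.map((u) => ({ url: u, fills: credentialFor(u) !== null }));
}

// The genuine address still matches despite case, explicit port and query string.
const genuine = "https://ACCOUNTS.example.com:443/signin?next=%2Fhome";
for (const { url, fills } of fillDecisions([genuine, ...lookalikes])) {
  console.log(fills ? "FILL   " : "REFUSE ", url);
}
```
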


I meant, I don't have to trust Windows or Android's security to not leak access into third-party password sharing apps, or the in-house security hygiene of those third-parties.

With Apple there's only one party involved.


Bitwarden will also stop working with Catalina / Safari 13 so that doesn't help this particular use case


That is not entirely true. Update: https://git.io/fjXLJ


Seems to work fine, I installed Bitwarden yesterday



Ah, it works on Catalina. I don't use Safari.


+1 for Bitwarden.


+1


+1 for Bitwarden


Correct me if I'm wrong, but you can't share passwords with iCloud Keychain, correct?

My workflow involves sharing certain accounts with family members and 1Password supports that. For now, that's the killer feature for me.


I share passwords with my coworkers (for resources that don’t support teams+sub-users) not by using any password manager, but rather by just keeping the descriptions+usernames+passwords in a Google Sheet.

We use GSuite, but that isn’t really relevant other than for controlling default ACLs to the document; you can just make a private Sheet and then share it by email to whoever you like.

Google Sheets works okay (for this use-case) pretty much everywhere you need it, including on mobile. Doesn’t auto-fill anything, of course, but since the point is sharing the password, not restricting the ACLs of the password in any enterprise sense (i.e. so people that could use a password before can then lose access to it), it’s fine to allow people to just cache the password into iCloud Keychain and/or Chrome Sync. So it’s not as much of a speed bump as you’d think.


I can appreciate that it works, but that solution is objectively worse for me. There's no convenience, it's more work, more error prone, and still a "cloud" storage solution with all its inherent issues.

I can punt on the cloud problems, but I'll pay for the convenience of a password manager in this case.


> I chose to migrate to storing everything in iCloud Keychain instead.

I did the same when 1Password moved in this direction after version 6. It was clear then that the stand alone version was going away.


> can't justify spending $36/year for an app to store my passwords.

what?

it’s not just storing your passwords. you could use a spreadsheet or plain text file for that.

$36/yr is NOTHING. this is great value for money.


Also a paying subscriber, and also appalled at the response from 1P team.

Will keep this in mind when recommending to family and friends, which I do a lot, and will definitely keep an eye out for alternatives moving forward.

The latest extension for Chrome on Windows and Mac barely works for me half the time with the latest update.


Here's a recent experience I had with them...

When you have sync issues, the workaround in the absence of a Force Sync button (which used to exist) is to create a dummy secure note or to log out and log in again.

Most users won't know this workaround without spending several minutes Googling and digging through search results.

I complained about the lack of a Force Sync button on the clients in the forums, and was told this:

"The reason we don't want too easy an option to force a sync is precisely because folks will choose to use that rather than reaching out to find the root cause"

Needless to say, I wasn't pleased to find out that they wanted to use their paying customers as free testers.

I'd like to switch away, but most of the alternatives I've looked at don't compare very favorably from a UI/UX perspective.


Try Bitwarden


It seems their software quality in general has been going downhill recently. Lots of changes just for the sake of changing. The new extension doesn't work about 40% of the time or requires multiple keystrokes to get it to pop up. The Windows version is just, ugh.


Huh, I thought it was getting better across the board, and significantly faster. 1P is actually investing in proper cross-platform support, rather than only macOS, so perhaps it's just less attention to detail? The Windows client has become fantastic.


No doubt the Windows app has gotten better but there's a lot of weird quirks with it. Example off the top of my head, if you click on the favorites sidebar and try to search it only searches in favorites. On mac it searches everywhere as I'd expect.

The UI in general also just feels clunky. It's missing that polish the mac app has.


I would expect contextual search, rather than "everywhere" search if I was filtering...


I don't know if I'd use the word "fantastic".

In many ways, I feel that the Windows and Android clients in particular are still second class citizens compared to their Mac/iOS counterparts.


I completely agree. It used to be a very simple piece of software (I’ve used it since the beginning) and they’ve progressively tried to add more UX changes which only confuse and add reliability issues.

Simple tasks like resetting a password or adding an entry in 1Pass can often be frustrating now.


I was a booster until they added a terrible feature to bypass master password on smartphone app with pin.

Previously, with every restart of the phone, you needed to enter master. After, only when the pin is misentered once. They added this ‘new feature’ right when I was installing everything on a new personal laptop. As I recall it, I was entering the master password on my phone, over and over. One of the characters had a shift, which was a pain in the . On iPhone. So I made it lower case. Then, I updated my phone, got the 1password update, and didn’t enter the master for over a month.

Finally, I misentered the pin, and got kicked to the master. Well, you can guess what happened. I was locked out.

You know, a password works because you remember it. My situation revealed the design flaw of bypassing that. If you don’t enter the master for a long time, you lose the habit and increase the risk of losing it.

For me this is the classic example of the corrosive drive to renew a perfectly good product, which ruins the product for some users. But as a designer, I think it’s a fail, but you can’t tell them that.


This is why I like the Authy client on mobile. It periodically asks you for your encryption password just to make sure you can still remember it. Such a thoughtful idea.


I guess if you only ever use the mobile app, but still there's a desktop app and the browser extension to practice your memory.

The pin thing is a big time saver because typing on mobile still sucks, and I'd have to re-type the master every time I switch between an app and 1Pass. I certainly wouldn't qualify it as a bad feature.


I'm not saying the pin is a 'bad' feature (in fact, I'm using Bitwarden now. It uses the same UI pattern [1]). The 'feature enhancement' I'm miffed about is when the master is only ever required when you fail at the pin screen, whereas previously you needed the master after every restart of iPhone.

It's a complex system. I had a use-pattern that naturally emerged from the UI (which required the master after reboot), and my habit of turning off my phone every night. So this "feature enhancement" seemed innocuous, but had, I would argue, the unintended consequence that I lost my memory of the master because of a new feature.

I believe this is exactly the sort of thing a smart company, making a security product, should think about before they decide to add a "feature enhancement".

I mistook the great design of the original 1Password product as an indication of a "smart company" who made great decisions, and great products through testing and design.

Now I feel differently. Now I just see another one-hit wonder, who makes improvements by the whiz-bang theory. New! New! New and improved!

The unpopular decision to drop the standalone version (local vault) is just more evidence to me that AgileBits isn't special. I put them on a pedestal with devotion and evangelism, but they're no different, and maybe worse.

And if you like this rant, you might also like my rant on TransitApp. hahah!

[1]: Before with 1Password I would have to enter the master once every 1-2 weeks. Now with Bitwarden using the same 1-fail pin to master UI, I think I've not defaulted into master for, I dunno, 6-8 months? But I've learned my lesson. I wrote the master on a piece of paper and tucked it away in a book somewhere on my bookshelf. What could go wrong?


I know this is a larger issue, but I sure feel like software quality for ANY product decreases over time. I've observed this with many, many products in my career. 1P is just the latest example.

I feel like it may be an inexorable and unavoidable consequence of an aging codebase.


It's not a law of nature. Bit rot and technical debt can be counteracted if maintainers are vigilant and focus on quality and maintainability. Unfortunately, not many examples come to mind: the Linux kernel, PostgreSQL, SQLite, OpenBSD, for instance. I can't really think of any instance managed by a for-profit organization.


With the hindsight of 20 years in the industry I believe a lot of it is due to team churn. Once the original developers are all gone much of the codebase becomes a scary black box. When I think about teams I've worked on with an OG dev still around, they've always been far more productive.


Same here. I've been using 1Password for over 11 years. Paid for multiple licenses, family subscriptions, upgrades, etc. Their recent behavior indicates direct hostility to their long time users and obvious money grabs. Since it looks like it's a subscription model no matter where I turn I'm thinking about migrating to LastPass. At least they are more or less transparent in their pricing and future intentions.


I feel exactly the same. Recently I complained about decreased usability issues with re-worked 1Password mini and... felt exactly the same. I won't be looking for a replacement just yet, but the feeling is right there. Dropping support for standalone vaults is not an unexpected development.


I was turned off by their smugness back before they had a Windows version. Their justification was that the platform didn’t allow them to build the type of beautiful software their high standards required. They’ve always had these attitudes that have rubbed me the wrong way. I’ve never gone onto their subscription model, but I’m wondering if iCloud would work for me since I’m fully in Apple’s ecosystem.


Making pretty software in Windows is totally doable, people just don't make the effort.


I find it very infuriating in general when someone uses a cute or smiley emoji after telling me something negative. I'm sure that mostly I'm paranoid and irrationally irate about that, but I can't help thinking that people are rubbing it in my face when they do that. Am I the problem?


I think the intent when using those emojis is to communicate that they really are trying to be nice while giving negative news. Text is a really hard medium to convey emotion or intent through. For example, I find if I want to sound positive I end up having to add an exclamation point at the end of every sentence (“Nice job.” Vs “Nice job!”)

That all being said, I absolutely agree the emojis almost always are perceived in a way that’s opposite of the intent, e.g. smug, sarcastic, or some other negative tone.


I don't think the responses are smug. Ben in particular stands out as patient, forthright, and apologetic.

> one of the developers chiming in about how they must be asking to "make their mobile apps free"

That isn't the actual quote. The developer is pointing out that the apps are "free to use as companions to our desktop apps".

> the other guy talking about how with so many users anything they do will of course be found out

This did come across clumsily, but it was in response to the false dilemma "Was it forgotten, or deliberately not mentioned in the hopes nobody [would notice]?"


Reading that thread makes me happy I ditched 1Password when they first moved to a subscription model.


What did you move to?


Keepass with passhole in terminal, Keepass2Android on Android and Tusk extension in Chrome.

Keepass community solutions are strong and open source. And free.

https://github.com/PhilippC/keepass2android

https://subdavis.com/Tusk/

https://github.com/Evidlo/passhole


Plain old Apple keychain while I evaluated other options. While I was evaluating, I realized the keychain was fine for my current needs. I'll evaluate again when my needs change.


"Thanks for your feedback."


Only smug I could tell was in regards to their free app offering, and considering it costs money and resources to maintain those free services their viewpoint is understandable. The feature was removed, they thank them for the feedback for being upset that the feature was removed.


I understand that software costs money to maintain and cloud syncing requires infrastructure. But they didn't need to act the way they did in response to someone asking a reasonable set of questions.


I'm saying you're making a big fuss about something that 1. You have no control over, and 2. Doesn't really matter.


I don't think I'm making a big fuss about it. I'm not campaigning for a boycott or mass migration or anything. I'm just saying that as a long time customer of AgileBits the way they reacted in the linked thread really didn't sit well with me, so I'm looking for alternatives to their software.

What if I have an issue in the future? Will I also be treated poorly?


The mobile app is free, but creating entries on the mobile app is a paid feature. Either with a subscription, or by buying the "pro" features. Or at least that's how it is on Android.



