Forum Discussion
Concerns About 1P 8 for Mac from a Web and Software Developer
So I briefly tried 1P 8 and then noped right back to 1P 7. Here are some of my concerns, I hope they are fixed before general public release:
- Mini. This is how I use 1P daily. Seems that 1P Mini has been reduced to a search field. Fine, I guess. May be nice. But that I cannot change its keyboard shortcut. I mean, with 1P 7 I use a 2-key shortcut that is deeply engrained in my memory and prime at my keyboard alongside other key system shortcuts. You have to allow us to "import" that into 1P 8. Such customization is critical on macOS. Also, does Mini require the menubar option be shown? Why is that? I don't show 1P 7 there because the keyboard shortcut is all I need on my desktop with 2 large displays. All that considered, it was in my testing nearly impossible to just bring up Mini from any app.
- Safari. Why require a separate app again, like was needed in the past and for Chrome? And it seems that it was not sensitive to showing logins for sites I am on like all 1P versions of the past did. Why? Will this be fixed? While the search is great for straight-up use, 1P in browser must be able to surface what it thinks will be needed most. Does it, too, need to be in the (about to be ever weirder, thanks Apple, but that is another issue not for you all) status bar? Because I also don't show it in 1P 7 given the keyboard being how I invoke 1P.
- Biometry. I use my Apple Watch multiple times a day to unlock 1P. In 1P 8 Mini the main 1P window always had to come up, and then me click a button, to trigger it. In 1P 7 Mini it just initiates the biometry itself. Why is this so much more user-intensive now? This, too, must be just as simple as it is today. Unlocking the main window was equally button-heavy. This is just untenably annoying.
- Electron. I mean, really, maybe it can be made to look more like the existing macOS app and other Mac apps. But that is way too heavy for a password manager. Please reconsider and go back to Cocoa. Maybe I'm needlessly harsh on this point. But given my others, this is a compounded concern. I use VS Code almost daily. I've grown used to it. That is Electron. But one of the main reasons I use 1P is its nativeness. Regardless of the tech underneath, 1P 8 does not feel native. This is a serious disappointment.
- Preferences. As I alluded to above, all existing 1P 7 preferences must be present in 1P 8. I have 1P set up how it works best for me. Not just keyboard shortcuts being all custom, but nearly every preference I likely have tweaked at one time or another. These must stay customizable. All of them.
I truly am sorry if this feels harsh. As 1P support staff may know, I post here often with questions and answers. I've used 1P since it used the Mac OS X keychain for storage and now use Families. I write software (web, iOS, Mac, etc.) and manage websites for organizations for a living, so have some idea of what feedback should be, but also how critical my password manager is in my line of work. It and its speed and stability are critical. 1P 8 truly saddens me and makes me wonder if my longtime support of you all was misplaced years ago until now.
I am more than willing to continue this conversation here or in another venue. But I will not be trying 1P 8 again until it is finalized. This is unlike me, as I have used 1P betas in the late-summers for years. Kind of feel it is a role I as another developer should play. By general public release, I sincerely hope for all of us that my concerns, and the many concerns expressed by others here, are taken seriously. Or that you do as Apple themselves are with iOS and keep 1P 7 fully supported and getting updates even after 1P 8 ships.
52 Replies
- jaysee_au
New Contributor
The problem is that the Zoom call or a Twitch stream can be recorded and it is pretty easy to go back frame by frame.
So at least make it an option, even if it's disabled by default. Don't just summarily remove the feature.
- Former Member
Very good reason to not do password unlocks inline in the browser :-)
and to share only the app, not the screen, but that's a different forum!
- roustem
1Password Team
Is it really? Can't say I've ever done it, and even if I had, pressing macOS modifier keys is a brief split second action in general. Anyone "shoulder-surfing" would have to have superhuman photographic recall to read and memorise a long complex password in a second or less.
The problem is that the Zoom call or a Twitch stream can be recorded and it is pretty easy to go back frame by frame.
- Former Member
Chiming in here. First, electron as a UI is a been-there-done-that-and-dumped-it pattern. Java and Flash are the two predecessors, and the issue is that you don't get a mac app or a windows app. You get a flash app, or java app or electron app. They don't look and feel like native apps and the more you try and work around the framework, the more exposure you have to bugs. Sure, it's easier for developers, and looks good to the bean counters because it is initially cheaper, but in the long run the UX is always substandard compared to native code. Full Stop. Over the long term that costs more money because as customers leave, you end up rewriting to a native app anyway.
Security issues? Yes, absolutely as both Java and Flash clearly demonstrate. Electron should be somewhat better because of 20 years of advancement in coding practices and language development, but the risk is non-zero. Now any third party library has those issues, but native APIs are one less abstraction layer to worry about, and Electron has a much larger attack surface and is a bigger, more juicy target.
Browsers are the most vulnerable, most commonly compromised, piece of software on the system. Browser integration is a key feature of a password system, so I accept that risk/ease of use tradeoff - especially for the less technical members of my family, but I've disabled the in-line unlock features both because it's just too darn easy to type into the wrong field (and I'm waiting for a malicious site to pop up a fake prompt), and because it covers up important information most of the time. The net is that what runs in/with the browser needs to be at a higher standard than a standalone app.
I have zero issues with requiring a subscription for 1P8. Agile needs funding to support development, and their pricing is very reasonable for the capability they provide. However, that does mean I do expect a Mac application that enhances my overall security posture, not a lowest-common denominator hobbled solution based on a shaky framework with poor performance and UX.
Would I stop using 1P8 because it's electron? Not sure yet. Because of functionality gaps? Probably, but it's still early, so they should be fixed. Is there anything in 1P8 that looks like a genuine killer feature for the users? No.
Still haven't heard what's in it for the users with this migration. Maybe I'm missing something?
Net: As long as 1P7 will work on Monterey, and they commit to support it until 1P8 is full featured and stable we have time to see if Agile gets it right. If not, well, then time's really short.
P.S. At least they didn't try to build it on something like eclipse!
- Former Member
In the meantime Apple released iCloud 12.5 for Windows: https://forums.macrumors.com/threads/apple-releases-icloud-12-5-for-windows-with-icloud-keychain-password-manager-app.2307743/
It includes a keychain password manager. This should really settle it. There is no reason (for most people) to invest in something like 1Password.
- 1P_Ben
1Password Team
Why not?
We're going in circles here, I'm afraid.
We definitely want to find a solution here that will allow users to quickly and easily reveal their passwords without the level of risk the behavior in v7 exposes.
Ben
- snozdop
Super Contributor
This is a problem we're looking at, but I don't think it is as easy as simply re-doing what we had in 1Password 7.
Why not? Have it turned off by default if necessary and a preference for users who understand the risk to turn it on if they want. You could also limit the amount of time the password is revealed for on a press and make that user configurable.
Not everyone uses 1Password in a situation that can be easily shoulder-surfed or screen-shared, so why deny those users a very useful feature if they want it? Again this seems to be dumbing the product down for the corporate market.
- 1P_Ben
1Password Team
XIII commented just above that they have had the issue with '⌥ to reveal' accidentally revealing sensitive information. This is a problem we're looking at, but I don't think it is as easy as simply re-doing what we had in 1Password 7. We need to look at how we can offer this functionality without the downsides.
Regarding requiring a password to export... it appears our security team has already weighed in on that, and we will be requiring that in the future.
The security engineering team decided that we should be requiring a password prompt for users to confirm the export action.
It looks like it is just design and UI implementation work to be done for that to happen.
Ben
ref: dev/core/core#8989