Just curious what the general consensus of 1Password is here on HN? I am especially interested to hear from people that are actually using/paying for the cloud hosting (their servers).
I have used 1Password on Mac and iOS since 2010. It has been completely effortless and the browser plugins are excellent. There is nothing negative that I can come up with except perhaps the price (which is a minor point, because the last major version updates were free).
I was opposed to the subscription-based pricing. However, my wife moved to an employer where it's not possible to install 3rd party software. Since 1Password Anywhere is now defunct [1], we decided to take a family subscription so that she can use the web interface at work.
Their subscription version also works fine - I didn't notice any significant differences in my day to day use, except that sharing has become much simpler.
It's very nice, particularly if you live in the Apple ecosystem where KeePass clients are complete crap.
I avoid the 1Password.com cloud hosting stuff because it slightly expands the threat model in exchange for web access to my passwords on public/stranger's computers, something I view as an anti-feature.
I've been using it for a number of year and love it. Very rarely do i have any complications with it. My biggest complaint is the number of other apps that don't integrate the password manager into their logins so i have to go into 1p separately to get the password—its a minor hassle, but annoying when all you want to do is log into some rarely-used app.
I have the non-cloud version, works fine. The most annoying part is that the license/version scheme is, in my opinion, too complex. I can never exactly tell if I have the latest version and if I need to upgrade (which costs $$). It seems silly to have to consider what machines/operating systems I'm using when picking a license -- especially when a key feature is cross platform/device syncing.
I would rate the browser extensions 3.5/5 -- sometimes has trouble when there are multiple browser windows and I can't exactly figure out what the "timeout" period is before I have to enter my cumbersome master password again.
I would rate the Android app 4/5 -- it has a feature to use a PIN instead of my full master password, which is fine for my usage, but that feature never seems to work.
Overall, it works fine about 90% of the time. I feel like I've gotten my monies worth. My password habits are better than before using it. I think the software could be improved and I am slightly hesitant about the companies recent push for cloud hosting (which I will never use).
Have been using it for years. Tried Dashlane, Keepass, LastPass, but it's still by far the best at what it does, especially on iOS and macOS. The new web solution is quite neat too.
I can't offer consensus, but I can relate my experience. I recently purchased 1Password for Teams based on previous discussions of its design merits relative to tools like PasswordSafe and KeePass (both of which I've used in the past), and I've deployed it across Windows, macOS, and iOS clients and used it with Firefox, Safari, and Chrome, in addition to making regular use of the in-browser web app (which is required in order to manage the team). From the user's perspective, the macOS and iOS clients work the best in that they support all of the 1Password client-side features (adding/editing custom fields being the one I use the most). The macOS version of the browser plugin has a great UI, in that one can quickly access/edit the different credential record fields via its pop-up window.
Neither Windows client nor the Windows browser plugin seems to be as flexible or as polished. Until very recently it wasn't possible to add custom fields (one had to log into 1Password via the in-browser client or use the macOS/iOS client to do things like add a TOTP credential), and the browser plugin's UI is slow and more difficult to use compared to the macOS version. While the Windows client comes packaged as an MSI, I believe that it only supports per-user installs, which prevented me from deploying it using our enterprise configuration management system. Ultimately, it seems like the Windows client and browser plugin aren't supported as well as the macOS/iOS versions, which has ended up slowing our adoption of the software as most of our users run Windows (I'm getting ready to transition away from macOS myself).
The team management features of 1Password work well, but one can only access them via the in-browser web app as neither the client nor the browser plugin provide access to those features. So far I haven't run into any synchronization problems, and that includes using it in some out-of-the-way places with poor network connectivity (high latency/high packet loss/low bandwidth).
Because I was using KeePass, I could not use 1Password's built-in migration tool. Their third-party migration tool (which I grabbed from their GitHub repo) worked smoothly.
Overall, 1Password for Teams works better than the mix of KeePass and ownCloud I was using before (not to mention the questionable third-party ports of KeePass to iOS/Android or the fact that KeePass did not work at all when run under Mono on macOS). Despite the limitations and relatively poor performance of their Windows offerings (my biggest issues with the product), I will likely renew our subscription this year.
I've been on 1Password for about 3 years, using their cloud hosting for 6 months. Nothing but good things to say about them really... the cloud version removed a layer of occasional annoyance with syncing, the iPhone app with fingerprint access is excellent. The price is fairly high, but I really value a security product that's well thought out and easy to use.
"Now there certainly are some geek creed we could get from building
PGP/GnuPG signatures files, and we might do it. But I'm doubtful that
it actually would provide a meaningful improvement in security. On the
whole, we try to avoid "security theater" even if it is of the geeky
sort"
* They are a bigger target to a watering hole attack than Transmission BT.
* They think authenticating your downloaded is "security theater".
The alternative is trusting ME with all those passwords, which is far more dangerous. Because I'm neither going to do a good job of creating passwords, nor of remembering them, so I'm going to end up using the same shitty password on every site I care about.
I was opposed to the subscription-based pricing. However, my wife moved to an employer where it's not possible to install 3rd party software. Since 1Password Anywhere is now defunct [1], we decided to take a family subscription so that she can use the web interface at work.
Their subscription version also works fine - I didn't notice any significant differences in my day to day use, except that sharing has become much simpler.
[1] https://discussions.agilebits.com/discussion/63045/moving-be...