1Password is the best password manager I've used, and the family plan works great and is reasonably priced ($60/year). Unlike many folks who are cloud-averse, I prefer a cross-platform solution that syncs to the cloud, and I'm comfortable with their security model (https://support.1password.com/1password-security/).
It's worth noting that they really fubared the 1Password 8 transition and I was very irritated that they had me looking at alternatives. However, they gradually fixed the problems and missing features and now I'm 100% satisfied with it again.
> “It's worth noting that they really fubared the 1Password 8 transition”
I’d never use 1Password again. While the software may be good when you try it, I’m sure they will ruin it at a later date. That was my experience. The company earned my enmity.
1Password is making choices for the business at the cost of security. Sucking people's password vaults into their cloud is very not cool. Additionally removing the local vault only option is another business first decision.
It's only a matter of time before 1Password has a real security problem because the business forces at 1Password appear to be much stronger than the engineering forces.
1Password is E2E encrypted no with decryption/encryption happening only at the edge? If the cloud storage is compromised, that doesn't mean the attacker can read the passwords?
It's a march of small concessions and after 5 years of marching you find yourself very far away from where you thought you were. "We only collect things that don't matter to you, trust us."
That means that that shareholders can make the company choose things that benefit shareholders at the cost of customers. Taking investment is a fundamental change in trust architecture.
I no longer believed that 1password is aligned with me, and alignment is a constant force always acting. Removing local vaults was proof of lack of alignment. Removing local vaults was proof that 1Password will choose money over security. Removing local vaults was proof that that appearing worthy of trust is a lower priority than coercing people into their cloud.
No but it means a fake 1P login page can be served and that will result in some non-zero number of people who didn't have a choice on a local sync having their credentials compromised. I am a huge 1P and I think their whitepapers show off their top-tier talent in the crypto space but killing local sync was a very crummy decision.
Conversely: I have zero interest in managing the storage of my own password vaults. It's a trade-off I'm willing to make for convenience and durability.
By way of example: I recently moved overseas, and in the process I wiped my desktop and moved to a laptop-only setup. Unfortunately, I managed to back up an outdated Adobe Lightroom catalog, not my current catalog, so I lost about two years' worth of catalog data -- including Lightroom edit histories. Yes, this is obviously a mistake on my part, but I recognise that I make these mistakes, and I'm willing to trade some loss of privacy and security for a significant decrease in a different risk profile.
Removing a local option is shitty, but there's nothing wrong with providing cloud-based storage.
I have to agree. Been using it ~5 years with no issues. There may be application specific reasons some other manager is better, but for an easy to use and seemingly solid product, I'd recommend 1password.
It's worth noting that they really fubared the 1Password 8 transition and I was very irritated that they had me looking at alternatives. However, they gradually fixed the problems and missing features and now I'm 100% satisfied with it again.