I think this might be the straw that breaks the camel’s back for me with 1password. I have no idea what I’ll replace it with though, maybe just iCloud keychain now it can do one time passwords too.
@ChrisJWilson Reading their article, I’m not understanding what they are doing that would cause people to cancel?
@ChrisJWilson at least they’re open about it. It’s weird watching them grow into this corporate realm, after many years of them being an “indie”, so perhaps it all just feels off.
@ChrisJWilson My 1Password runs your soon and I’m spending time getting comfy with ICloud Keychain. It’s pretty good, I haven’t had any issues. Only reason is I’m trying to cut down on subscriptions.
@kq @chrisjwilson @gregmoore @vincent @bensouthwood I’m of two minds about this. On one hand they’re being open about it, which is the right thing to do. However I don’t feel telemetry has any business — let alone need — being in a secure or sensitive app, especially passwords. What kind of usage data could they possibly hope to glean from this thats outside the norm, and thus a point of friction? It’s not complex software; it’s a password manager.
You save a login, password, maybe a TOTP code and notes, and you never see the app again until you’re logging in somewhere. Am I missing something obvious from this? Genuinely curious…
@ChrisJWilson @pimoore @gregmoore I also don't think that putting telemetry into such applications is a good idea, but at the moment I don't see any reason to cancel the service and switch to some other password manager.
I wouldn't like to change it because it has its own unique features that suit me and I haven't found them in others (or I haven't looked hard enough).
@ChrisJWilson can I just throw "keepass xc" in here and walk away? Just integrated it with librewolf on my Mac.
@ChrisJWilson can I just throw "keepass xc" in here and walk away? Just integrated it with librewolf on my Mac.
@ChrisJWilson the fix is surely to allow an option for the user - telemetry off by default - on by choice?
Maybe I am missing the big picture that has you concerned.
@pimoore @ChrisJWilson Exactly. Why it should it matter to them how often I open the app or how many times per day I use autofill. Reading the press announcement, at least as of now, this will be Opt IN by default with Opt out as an option. Opt Out should always be the default
@kq @chrisjwilson @gregmoore @vincent @bensouthwood sorry for the double post earlier. My Android app does this for some reason and also doesn't include everyone I wanted to include in the conversation.
I use KeePass XC, but after looking into it, it doesn't look like it has a Safari Extension. I trust that for Mac users in general, that's a deal breaker.
I use it on LibreWolf, a privacy geared fork of Firefox (basically the stripped Firefox from Mozilla's telemetry, which is kind of relevant to what we're talking about here) which work with KeePass XC.
Besides being free, it comes with additional features like custom fields that can be password protected, password expiration date alerts, TOTP for 2FA, and CLI to work directly from the terminal among other things. The one thing it doesn't come with is a company and a cloud. So you have to take care of that, but it's a simple matter of keeping the database in your iCloud or what have you (Syncthing for me).
It can be a bit hairy to set up at times (just updated a section in my wiki on macOS for that actually), but I think it's worth it.
@jtr I’m looking into the double (sometimes more) post issue (if you’re using the MB Android app). Will report back on that as soon as there is something to test.
@jasonekratz Fair point, I should’ve specified not complex for the user (in most cases, I feel). Under the hood it definitely is, you’re right about that. My concern still is that it’s a slippery slope. One of their core tenets has always been they don’t need analytics to run the software; now that’s going by the wayside. And VC money always has a large pull on corporations, despite whatever they say to the contrary.
None of this sits well with me at all, now, to the point where I’m migrating back to iCloud Keychain. Ironically I really dislike the Mac version of 1PW after using it on my work machine. It just feels clunky, and it being a non-native app is abundantly clear. That’s obviously not the primary reason for my decision, but it helps. 😆
@jasonekratz Like you mentioned I’ve seen autofill issues, especially with OTP codes. I don’t recall ever having those problems previously on any platform, though I haven’t had a Mac at home for quite some time now, and only recently added it on my work Mac to access shared passwords. I also still sense a lagginess to it, though I’m willing to concede that might just be from me being a nitpick. 😂
Don’t get me wrong, I wish I didn’t feel this way. From a security perspective 1PW is solid, but I’m just not comfortable with this prospect.
@ChrisJWilson I've been using 1password for at least a decade or more. But I'm trying to figure out how to take a Saturday and switch to iCloud Keychain. There are certain aspects that make 1Password clearly better. But changes like this and other more corporate oriented moves in the past year or two make me concerned about the future.
@jasonekratz @pimoore FWIW I like 1Password and have used it for a number of year, I have no plans for switching to Keychain ( a potential problem with relying on the keychain ), but I don't really like v8. I don't know if has to do with it being an electron app (it's pretty good for being an electron app) but there is something that feels "off" when I'm using it. I'm running v8 and v7 on different machines and when I use v8 there is something with it that feels wrong - I can't really explain it.