Too many updates
I use 1Password for the family, and on a total of 8-10 devices. It seems that we are all bombarded with updates that seem to be demanded every 2-3 days. I mistakenly subscribed to the beta when I first started, but the updates for the beta are even more frequent, and I found it impossible to keep up, or even get off the beta program, and then received threatening notices that if I didn't update I would surely burn in hell.
This was tolerable until the 6.5.3 debacle with the 'searching for 1Password mini' error. I fixed this myself on my laptop, though the solution on the home page wasn't obvious; i.e. there was no download link at the notice about the error, instead I had to hunt for a way to download the latest version. In fact, the 1Password.com page doesn't even make mention of this error, even though it shuts us out entirely. I did find the notice on some subsidiary page, but this should be on the very top of the very first page! Now I have had to do the same for every member of my family, who have been without access to their passwords since the day they stupidly subscribed to a suggested upgrade. This is the worst software failure I have had that was company-induced for years.
My suggestion: STOP WITH THE CONSTANT UPGRADE DEMANDS
When there is an important upgrade, make sure it is tested well through the beta program, and only push it to regular users if it is a solution to a big security flaw. DON'T MAKE ME USE THE LATEST AND GREATEST, since sometimes, like today, it means I will have hours of downtime, which makes me not want to trust the app at all. My wife is furious about lost opportunities (couldn't pay for a trip at a favorite site, since she had trusted 1Password). I tend to agree.
GET YOUR ACT TOGETHER AND STOP TRYING TO ANTICIPATE WHAT I WANT. I WANT SOFTWARE THAT WORKS TODAY THE WAY IT WORKED YESTERDAY, UNTIL AND UNLESS I HAVE THE TIME TO IMPLEMENT SOMETHING NEW.
Still a user... for now.
1Password Version: 6.5.3
Extension Version: Not Provided
OS Version: OSX10.10.2
Sync Type: dropbox
Comments
-
Hi @dtempleton,
I'm sorry to hear you've been so frustrated with 1Password recently! We really appreciate your feedback, and I'd like to address your concerns as I feel there may have been some misunderstanding about some things you mentioned.
Regarding updates: Yes, we frequently release new updates for the beta version of 1Password for Mac. We make the beta versions available because we have many customers who like to help us test upcoming changes to 1Password before we include them in stable versions. Our developers are constantly working on bug fixes, improvements, and new features, and we need to release frequent beta updates so our beta testers can help us find problems (we do our own testing too of course, but we can't catch all bugs ourselves as there are infinite ways a computer can be configured or set up).
Is there a reason you had been using the beta? Beta versions will undoubtably include some bugs, so unless there's a particular reason to be using it, we recommend the stable release version instead. It sounds like you had some trouble switching, but it should normally be very easy: quit the 1Password app, drag the beta app to the Trash, and download the stable version from our download site. To make sure you aren't prompted about beta updates, disable the option for "Include beta builds" in 1Password > Preferences > Updates.
If you use the stable version of 1Password, updates will be much less frequent. For example, until this past weekend, the last stable update for 1Password 6 for Mac was two months ago when we released 6.5.3 in December. That's probably about average - sometimes updates for the stable version are released more often than that, sometimes less. I hope that isn't too frequent for you! :) Our updates include important fixes that many customers need, and I'm sure there are some who think we don't release stable updates often enough.
Now, it sounds like you experienced the problem last weekend which caused the AgileBits Store version of 1Password to give a "1Password failed to connect to 1Password mini" error. I'm very sorry for the inconvenience! Just to be clear, that problem was not the result of an update, as it only affected versions that had been around for months. We were just as surprised by this as you were, and from what we know, we did nothing wrong to have caused it. That error message doesn't accurately describe what happened, but we posted a blog article on Sunday to help explain it: 1Password for Mac 6.5.5: Manual update required
We posted another article a couple days ago which has more technical details, if you're interested: Certificates, Provisioning Profiles, and Expiration Dates: The Perfect Storm
As soon as the problem started last Saturday, our developers scrambled to figure out why that was happening, find a solution, release an update with the fix, and communicate everything to our customers. They were able to do all that within a few hours, but I'm sorry if you had trouble finding the solution right away. For the record, we posted information about it on our main support site, in an announcement post at the top of our Mac forum, in a new support article dedicated to the issue, at the top of an existing support article about a similar issue, in the two blog articles I previously mentioned, on our Facebook page, and on our Twitter account (and possibly other places).
As long as the version you're currently using is working for you, you certainly don't need to install updates (although it's usually a good idea as they contain bug fixes and other improvements). Of course, the unusual (and unexpected) problem that happened last weekend was such that version 6.5.3 would no longer work at all, and the only way to solve that was for us to release an update. So although you aren't a fan of updates due to your previous experience, I hope you'll understand that the update for 6.5.5 was absolutely necessary.
Again, we very much appreciate that you took the time to share your thoughts with us, and I sincerely hope this helps to give you a better understanding of what happened. If you have any questions about that, please don't hesitate to let us know. We're here for you! :)
0 -
Thanks for the explanation. I have upgraded the family to 6.5.5, and am surprised that the most recent issue was not the result of an upgrade, because it seems to my wife and I that the update demands are more frequent than you say. I tried the beta because I wanted to keep an eye on development, but that really became a burden. It was nigh impossible to get off the beta system, and I finally did when I upgraded my desktop.
We're all human, but the 6.5.3 problem proves to me that it is essential to be able to function without 1Password if necessary. An Agilebits employee gently criticized me in a reply on the forum for not using the autogen passwords (PnBhwbL9WibazyozMyEg) which I would have to write down in order to access my accounts the next time 1Password barfs. He probably didn't imagine that that was possible.
For my passwords I use a two secret code based on my personal information, the website's information, and a calculation. I think it's pretty secure, and I can calculate the code based on those two pieces of information, though it's simpler if 1Password remembers it for me`. The calculation is along the lines of a numerical calculation based on the URL, then applied to a textual piece of private knowledge, resulting in a unique but baffling array of letters and numbers and a smattering of special characters. It would be good to be able to teach this system to 1Password so that I don't have to generate it for every new site. However, I'm not willing to use the random generator, even the one that pastes three words together. "upstream-communal-beguile-whilom" is no more memorable to me than DhDfATkKJYj2CWKBHyqm
To each his own, but this situation has reminded me that nothing is perfect, and you should not put yourself in a position where you are wholly dependent on an imperfect piece of software.
0 -
@dtempleton: I guess it it could certainly feel like your bombarded with updates, especially if you don't use 1Password often, creating passwords on your own. But I'm using the betas myself and I don't even get an update every day (though some weeks I do). You can see from our release notes and update history that, prior to this past week's "excitement", we hadn't released a new (stable channel) update since last year, shortly before Christmas. But if you're using 1Password on many devices — especially multiple platforms — you may have a new version more frequently in aggregate. I personally don't feel that this is burdensome, as in most cases you're not forced to update as soon as a new version is available (there's even a "skip this version" button on the update window), but everyone will have different preferences.
So while we try to strike a reasonable balance, we also have to keep in mind that most users expect 1Password to receive regular updates, with improvements and new features over time, and frankly we expect this of ourselves. Some folks feel that development is too slow, even with the beta channel, but we'll continue to strive to keep making 1Password better, but not be too hasty with our release schedule, as it's worth taking the time (with the exception of time-critical fixes) to test and refine things.
Also, as fun as the concept is, we definitely don't have plans to incorporate "seeding" password generation as you describe, as anything human-based won't be random, and anything non-random will have a pattern that could be exploited. Even if it isn't obvious to a human, it makes much less work for a computer. And a lack of entropy is evidenced by anything memorable or communicable. Something that a human has difficulty reproducing will have more entropy, and we need to go much further in that direction to thwart sophisticated automated attacks. This is why long, strong, unique, random (i.e. not based on anything known) passwords are so important.
It almost sounds to me like you'd prefer not to use 1Password at all, and while that's certainly your prerogative, I don't think it has to be that way. Theres nothing stopping you from backing up a digital archive or hard copy of your data periodically for an emergency, including completely random passwords that are generated for you, which no one will guess, and for which the entirety of civilization does not produce enough electricity to run enough machines to crack it. But there just isn't any reason for any of us to be "wholly dependent on an imperfect piece of software" or hardware. Always have a backup. Anyway, just a thought. If it's something you'd be interested in pursuing, we're happy to help. Either way, I hope you have a great weekend, and if all goes well it will be a quiet one with no updates. ;)
0 -
I don't mean to keep this thread going forever, but how do you envisage "Always have a backup"? The classic flaw of a secretary keeping a piece of paper taped to the monitor with all the passwords comes to mind. I suspect that my 'seeding password' scenario, which could be cracked by a supercomputer, is more secure than any backup scenario. Should I have two password storage solutions, Agilebits and a competitor?
0 -
Because I was stumped by your assertion that you hadn't released any updates since last year, I went back and looked at the record you cite.
6.5.1 Nov 11, 16
6.5.2 Nov 23, 16
6.5.3 Dec 21, 16 (the one that caused the problems)
6.5.4 ??
6.5.5 Feb 18, 2017
6.6.1 Feb 23, 2017Thats 5 updates and one phantom in 4 months, some 1-2 weeks apart, and all pushed onto users. I received the 6.6.1 push today, and my family is asking whether this is a worthwhile update. It seems that this is all for the new MacBook hardware, and the answer is going to be no.
I guess I'm still angry with the defect in 6.5.3 that arose despite a vigorous beta program, and that there was not a solution pushed out when it was discovered. The user had to search for his own solution, that was not prominently displayed on the Agilebits front page. This has taught me that 1Password is a convenience, but not a trusted solution for security if you want a 24/365 partner.
Still curious how you see implementation of your 'always keep a backup' suggestion.
0 -
I don't mean to keep this thread going forever, but how do you envisage "Always have a backup"? The classic flaw of a secretary keeping a piece of paper taped to the monitor with all the passwords comes to mind. I suspect that my 'seeding password' scenario, which could be cracked by a supercomputer, is more secure than any backup scenario. Should I have two password storage solutions, Agilebits and a competitor?
@dtempleton: It seems like you're conflating backup strategies and password generation. These are very different issues. A backup, as implied is the name, isn't something you need to use every day; it's a contingency, a Plan B. I intentionally didn't go into detail because everyone is going to have different preference here, but mine is to literally backup my data in multiple places (local and offsite), and keep a copy of my Emergency Kit in a secure location. Some people print everything out and store that in a safe deposit box. Post-Its with passwords isn't what I had in mind at all. :lol:
Because I was stumped by your assertion that you hadn't released any updates since last year, I went back and looked at the record you cite.
6.5.1 Nov 11, 16
6.5.2 Nov 23, 16
6.5.3 Dec 21, 16 (the one that caused the problems)
6.5.4 ??
6.5.5 Feb 18, 2017
6.6.1 Feb 23, 2017
Thats 5 updates and one phantom in 4 months, some 1-2 weeks apart, and all pushed onto users.1-2 weeks apart is a far cry from the "every 2-3 days". I'm sorry for not being clearer. I'll rephrase it: prior to 1Password for Mac version 6.5.5, we hadn't released a new (stable channel) update to users since last year, shortly before Christmas — version 6.5.3, on December 21st, 2016. 6.5.4 didn't reach users like you because we pulled it when we realized that it didn't completely resolve the issue.
I received the 6.6.1 push today, and my family is asking whether this is a worthwhile update. It seems that this is all for the new MacBook hardware, and the answer is going to be no.
If you look at the release notes you'll see that it includes 15 other improvements besides the Touch Bar update. But it's entirely up to you whether or not you update.
I guess I'm still angry with the defect in 6.5.3 that arose despite a vigorous beta program, and that there was not a solution pushed out when it was discovered. The user had to search for his own solution, that was not prominently displayed on the Agilebits front page. This has taught me that 1Password is a convenience, but not a trusted solution for security if you want a 24/365 partner.
6.5.3 wasn't defective. You probably know that as well as anyone, if you'd also been using it since last year. It would also be really weird for a bug in 1Password to affect other apps and prevent them from launching too. In reality, an issue with macOS prevented the app from launching. And as mentioned previously, we've worked around this with subsequent releases, and we're also working with Apple to make sure that a more permanent solution is put in place so this doesn't affect anyone in the future either.
Still curious how you see implementation of your 'always keep a backup' suggestion.
It's a matter of personal preference. After all, the backup strategy many people use is none. I wish that weren't the case, but certainly exporting or printing, while not something I'd choose to do, is a sort of lowest-common-denominator option. The most important thing is storing your important data in a way in which it is accessible to you in an emergency, but not to others.
0 -
I am still so angry about telling us that 6.5.3 wasn't defective when it didn't work with the current OS and took away the ability to access our passwords and there wasn't a notice on the website as to why for three weeks. Maybe that's Apple's fault, but your commitment with your weekly updates is to BE CURRENT WITH THE OS. It's a load of pucky that this is an operating system fault, not a 1P fault. Making excuses for your errors makes you... eligible to be president of the US.
As far as your backup strategy of printing out a copy and keeping it in a physical safe; maybe that's the only option for an app that could go down again any time. HOWEVER, there doesn't seem to be an export function in the menu bar, nor in the faq. I'm here to see if there is a discussion about how to export a csv that I can then encrypt and store on my server. You don't make it easy, I suppose because if it was easy others would migrate to better SW options.
0 -
OK, I see there is a way to export form 1P The option is greyed out unless you select a single vault.
0 -
I am still so angry about telling us that 6.5.3 wasn't defective when it didn't work with the current OS and took away the ability to access our passwords and there wasn't a notice on the website as to why for three weeks.
@dtempleton: Literally nothing changed in 1Password to cause this. You can learn more about the details on the followup blog post-mortem, but the short version is that this was due to time-based certificate handling. And we had forum and email responses right away, an update for 1Password within hours, and a blog post up on the site with more information in less than a day, so I'm not sure what three weeks you're referring to.
Maybe that's Apple's fault, but your commitment with your weekly updates is to BE CURRENT WITH THE OS. It's a load of pucky that this is an operating system fault, not a 1P fault. Making excuses for your errors makes you... eligible to be president of the US.
This wasn't triggered by a macOS update or some incompatibility. You should really read the blog post. Apple has already taken steps to prevent issues like this from happening in the future, and we've filed a report with Apple as well (rdar://30631939) to address other aspects of this issue.
As far as your backup strategy of printing out a copy and keeping it in a physical safe; maybe that's the only option for an app that could go down again any time. HOWEVER, there doesn't seem to be an export function in the menu bar, nor in the faq. I'm here to see if there is a discussion about how to export a csv that I can then encrypt and store on my server. You don't make it easy, I suppose because if it was easy others would migrate to better SW options.
OK, I see there is a way to export form 1P The option is greyed out unless you select a single vault.I'm sorry you had some trouble with this, but if our intent was to lock people in, it would have been much more expedient for us to not add export features in the first place, or document them on our support site. I'm glad to hear that you were able to export the data though. With regard to backup strategy, the method is really a matter of personal preference. I'm sorry you were affected by this issue, but keep in mind that we were too. That's not to elicit sympathy, but to illustrate that you're not alone and we are very motivated to fix any issues like this as they arise. And while it would certainly be preferable that something like this not happen in the first place (which is why we've taken the time beyond just fixing 1Password to research the problem and discuss it with the community and with Apple), I think that our quick response in this case shows just how much we care.
0
