Thinking of leaving 1Password

ftwilsonftwilson
edited September 2017 in Lounge

Hello,

I've been a happy, single-license user of 1Password on Mac and iOS for several years now. I'm pretty satisfied with local vaults, synced across my local wifi. I like the interface and the frequent updates.

However, I've been championing password keepers to my family and recently had an incident in which my cousin, on my advice, downloaded 1Password to her Windows machine, only to find that the current version doesn't support local vaults. The 1Password folks were good about explaining this to me and seeking an option to get her 1Password 4, but no dice. (I'm not sold on passwords in the cloud yet, and since I don't have to do it, it's hard for me to argue to my cousin that SHE should do it.)

As the resident tech support guy for about four extended family members, I try to be on top of the key software they use, usually by recommending the software I use. Lacking a 1Password solution for her, and reading all the strong reviews for LastPass, I started giving it a look.

Suffice it to say that, especially since the basic version is free and the premium version is only $24/year (vs $59.88/yr for 1Password's family-capable version), it's intriguing. I don't like its forced use of web-based sync any more than I like it in 1Password for Windows. But, if I'm going to start giving more weight to a "family-centric" approach to passwords, I might have to "get over it." And, since 1Password for Windows (for my cousin) has no projected delivery date, I can't recommend telling my cousin to keep her 1Password subscription while she waits. (And, just for clarity, I have no interest in sharing passwords with my cousin or managing her passwords or password keeper; any "family" aspect of our use would be for me, my spouse, and kids.)

Don't get me wrong, I like 1Password and AgileBits a lot, particularly the interface, an area where I find LastPass lacking. And, if I'm going to accept the idea of passwords in the cloud, why not stick with 1Password, right? (The answer is the price.)

Given the situation I've described above, anyone want to offer reasons we shouldn't leap to LastPass?

Thanks,

Todd


1Password Version: 6.8 (mac), 6.8 (iOs)
Extension Version: Not Provided
OS Version: 10.12.6 (mac), 10.3.3 (iOS)
Sync Type: Local WiFi

Comments

  • Catalin1PCatalin1P
    edited September 2017

    Hi,

    I have been using LastPass for the past 3 years and I can tell you one thing. Since LogMeIn bought them it's like they are changing things but these changes come at the expense of security/privacy. They have hit the headlines a few times for security concerns and that is the main reason I left them after 3 years in favor of 1Password. I don't regret this decision but I regret that I haven't ditched them earlier.

    "According to Vigo's write-up, he discovered that Lastpass was using a hash of a user's password to generate the QR code that is used to set up 2FA on a user's device."

    You can read more here then we have more security concerning issues like this: 1, 2, 3 4

    This topic LastPass in the news again has some good points about advantages en disadvantages of LastPass over 1Password.

    Also, 1Password will bring local vaults for Windows back. You can find more details here.

    This is just my own opinion as of why I ditched them. In the end it's up to you to choose what fits your needs.

    LastPass plans to change it's personal line up. More info here

    Don't get me wrong, I like 1Password and AgileBits a lot, particularly the interface, an area where I find LastPass lacking. And, if I'm going to accept the idea of passwords in the cloud, why not stick with 1Password, right? (The answer is the price.)

    LastPass interface is a pain to use it while 1Password is so smoothly.

    LastPass has a forum but don't expect to receive support over there. I should ask them why are they having that forum if nobody helps you out.
    The support system at LastPass isn't so great even though I was a premium user. Even with the premium tier I had to wait quite a while until they responded to my ticket.
    The fastest approach is to use Facebook messenger or twitter. Don't expect from them to reply to you in the weekend because they're available from Monday till Friday 9-5 PM ET.

  • Catalin1PCatalin1P
    edited September 2017

    While I was testing something out yesterday, I also noticed that LastPass isn't 100% honest with you They are saying "we will purge all your data" yet they retain some data about its customers. It goes like this: You delete your account then they are stating that

    This process is irreversible and will permanently delete all of your data as well as your LastPass account.

    *Once your account is deleted, all data will be wiped from your account, and this cannot be undone.
    **Once you create a new account with the same email address, if you have remaining Premium subscription time, it will automatically carry over to your new account.

    Later edit: I attached some screenshots after I tested their theory out. The tests have been done by myself with 2 of my email addresses that I have been using while I was a premium LastPass customer. I removed all sensitive information from the screenshots.

    So if my account has been deleted and I create a new account with the same email address why the heck are those invoices there? This is unfair from them. I wonder which data do they keep while lying that they are going to delete all your data?

    ***Does 1Password retain any data if a customer deletes its account while their subscription is still active? How do you handle this if they plan to come back and want to use the remaining days of their subscription?

  • brentybrenty

    Team Member

    @ftwilson: Honestly the price is a bit of a red herring in many cases, since you're comparing an individual account (as far as I understand) to 1Password Families, since the latter includes up to 5 family members at the base price. If you're going to use 1Password alone, there's still a difference but it's less significant. And the same goes for two people, since 1Password Families is a bit cheaper than two separate individual accounts — and that also enables things like recovery and sharing. And I think our personal support sets us apart from the competition as well. For me, the simplicity of all of this is worth it, since my family isn't as dependent on me to get things done with 1Password. But certainly it comes down to what you value, if you and your loved ones prefer you being the password guru. And regarding "the cloud", we put a lot of effort into no only the security itself, but also making how it works accessible to people. Otherwise I wouldn't use 1Password.com either!

    Ultimately this is a really personal decision. We're talking about some of our most important data. So it's got to be about what is the best fit for you, not me or Catalin1P, or anyone else regardless of how well-meaning we are. So I think it's good that you're evaluating things with yourself and your family in mind as well. We put a lot of work into designing, developing, testing, and supporting 1Password, but it isn't going to be a perfect fit for everyone. So no matter what, while I'd love for you and your family to continue using 1Password (and that goes for everyone else here at AgileBits), we'd rather you use a competitor's product if it's a better fit for your needs collectively. We want happy customers not trapped ones, so be sure to let us know if we can help! I'd encourage you to reach out to us via email at [email protected] in case there's a combination/setup that would allow 1Password to work better for you that you hadn't considered. :)

  • Hi Brent,

    Thanks for your reply. On the price, no, not a red herring. The "$24/year (vs $59.88/yr for 1Password's family-capable version)" is comparing LastPass's Premium version (required for their family configuration) and 1Password's family capable version. I'll be sure to follow up, but the current hangup is my cousin's inability to get a local-only solution ahead of your next Windows version. Otherwise, I wouldn't be looking around!

    Best,

    Todd

  • brentybrenty

    Team Member

    @ftwilson: I don't see where they offer a plan for a whole family for the same price as an individual account. Last I heard they had announced but not launched a family plan, and pricing was not available. That's what I meant. I may be missing something though.

    Anyway, definitely shoot us an email. Maybe there's something we can do to help if you'd prefer to stay with 1Password anyway. :)

  • XIIIXIII
    edited September 2017

    LastPass Families will be $48/year:

    https://blog.lastpass.com/2017/08/updates-to-the-lastpass-personal-lineup.html/?sf60936067=1

    Note that they are restricting sharing in the Personal plan (though not for existing users) and at the same time doubling the price of the Premium plan.

  • brentybrenty

    Team Member

    @XIII: Ah, thank you. I guess one thing can be said: plans are a bit confusing for both! :lol:

  • Catalin1PCatalin1P
    edited September 2017

    To be honest @brenty, personally, I think they are confusing people because they haven't explained how things will work from now on.

    They just said what will be added and what will be taken away, without giving a good explanation for the price increase or why some features will be restricted to new customers, but the old ones get to keep them. To me it feels like they are a little confused themselves and they are trying to figure things out first. This feels rushed and unpolished.

    As I have said earlier my personal experience with them wasn't so great. The upper hand they have is the price but other than that they do not have much in comparison with other passwords managers beside cloud syncing, which obviously everyone offers cloud syncing, some do it better others are still improving it.

    There is room for a lot of improvements starting with communication skills, followed by some security improvements, a cleaner user interface and least but not last which in my opinion is a very important to do on their list is costumer support. I just want for everyone to have an inside view through my personal experience with them.

    Now let me tell you why I love 1Password. 1Password stands out for costumer support, how well they managed to blend security with a futuristic design which I am in love with the design by the way. Thumps up for everyone at AgileBits for the design ❤️ and least but not last 1Password listen's to feedback even though they can't react to it right away because it might involve talking about future plans. And I think 1Password works with this idea in mind "I would rather not talk about future plans because I don't know if I will be able to keep all my promises". That being said I urge everyone not to jump to conclusions but rather wait patiently and see wat the future has in store. As for me I have finally found a password manager that meets my needs and as long as they are going to do so, I'll stick around.

  • Many thanks to XIII and Catalin1P for clearing up my confusion on LastPass' pricing for the family plan, and to brenty for the discussion on 1Password. In some respects, with that info and the helpful dialog above, it's back to the drawing board. There doesn't appear to be a price incentive to favor LastPass for "family" management. LastPass doesn't have a local-vault-only option any more than does 1Password (on the Windows side, for now). LastPass's only seeming advantage for my cousin is the price for the individual version (but, again, that would require getting her over the hump of cloud storage).

    We'll keep evaluating!

    Thanks!

  • BenBen AWS Team

    Team Member

    If that is the hang up I'd highly recommend checking out our 1Password Security Design White Paper.

    Thanks. :)

    Ben

  • Todd (@ftwilson),

    About 1Password's decision to store your vault on its own servers, I understand your concern. Or more precisely, I should say that I felt the same way for a while. After thinking about it a lot and working with 1Password.com's new service, I'm very comfortable with it.

    First, the new subscription service through 1password.com really isn't ANY different from using Dropbox or iCloud to sync your passwords across multiple devices, except that 1password.com makes sure your vaults are backed up, which neither iCloud nor Dropbox do automatically. In other respects, a vault in a Dropbox share on my computer is in the cloud just as much as my vaults on 1Password.com's servers.

    Second, what are we worried about? If the AWS servers that 1Password.com uses were physically captured by brilliant Russian hackers, I wouldn't be (very) worried. I'm inclined to trust what I've read here and elsewhere, and so I'm pretty confident -- confident enough to sleep well at night -- that direct physical access to my encrypted vault won't do anybody any good. According to every formula I've looked at, my master password is comfortably into "overkill" territory, which is fine by me. Remember, hackers would actually have to GUESS my master password. There's no table of hashed and salted passwords for them to attempt to crack. And the bad guys would also have to guess my account key (a.k.a. "secret key"). Neither the master password nor the account key are on 1Password's servers. I'm much more worried about the gun-to-my-head scenario. And thank goodness I'm not very worried about that.

    I'd second Ben's recommendation of the 1Password Security Design White Paper. I don't know a lot about cryptography but I generally follow the explanations in the White Paper: it's an extraordinarily good piece of technical writing! Anyway, it's solid and reassuring reading.

    Good luck with a tough choice.

    Will

  • brentybrenty

    Team Member

    @williamporter: Thanks for chiming in with this perspective. I especially enjoyed this:

    According to every formula I've looked at, my master password is comfortably into "overkill" territory, which is fine by me.

    Maybe we need to work "overkill" into our marketing materials! But this, maybe not so much:

    I'm much more worried about the gun-to-my-head scenario. And thank goodness I'm not very worried about that.

    But it definitely helps me sleep better at night. That is, not having to worry about that. Cheers! :lol:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file