1Password for Mac vs. 1Password X: What'S the difference?

Thomas_UThomas_U Junior Member

1Password for Mac vs. 1Password X: What's the difference? What is the relation between the two?

I am referring to today's post inside the 1P beta updater.

Quote from updater:

1Password for Mac now receives a list of accounts from 1Password X during initial setup.
(...)
Corrected a problem where 1Password X would not lock when 1Password for Mac was quit completely.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Didn't even know what 1Password X was...as it's mentioned in the 7.3.BETA-10 (build #70300010) notes.

    1Password X

    https://support.1password.com/getting-started-1password-x/

  • LarsLars Junior Member

    Team Member

    Hey @MBehr and @Thomas_U! Thanks for the question and sorry for any confusion. 1Password X is our newest browser extension that works directly with a 1Password.com account and doesn't even require a standalone 1Password app like 1Password 7 for Mac or 1Password 7 for Windows in order to function. It's pretty great if you've got all your data in a 1password.com account, since you're now restricted only by what browsers you can install (Chrome and Firefox, as well as some Chrome derivatives like Brave and Vivaldi, are supported). So it works on Linux, on Solaris, nearly anywhere you can install Chrome.

    However, if you're using 1Password for Mac or 1Password for Windows, you can still use 1Password X as long as your data is in a 1password.com account -- and now, 1Password X can interact with the local Windows or Mac 1Password app as well, (un)locking each other when you unlock one. This is very much a beta feature at present, and obviously this won't work if you're still using standalone vaults...but if you're using all-1Password.com accounts/vaults, it's pretty awesome. And in that situation, it could even replace the regular (desktop app required) extension (currently at 4.7.3.90).

    Anyway, hope that answers your questions, but feel free to ask any follow-ups you might have, and let us know what you think re: 1Password X if you decide to give it a whirl! :)

  • Hi @Lars,

    Thanks for the explanation, I had been confused too. One question I have is, why can't 1Password X fully replace the desktop browser extension? I can't see any reason why it should be unable to access local vaults on platforms that have the native app installed; this is a regression from the existing desktop extension (this beta might be starting to fix this at least for unlocking?). I understand that 1Password X is meant to work on any platform/browser with 1Password.com accounts, and that its main benefit is that it works without needing a native app, but why can't it also support local vaults and all the features that the existing desktop extension does on supported platforms? I guess what I'm saying is, in other words, why aren't the two extensions merged?

    I know part of the reason is that the desktop extension uses 1Password Mini, and 1Password X has its own interface, but that is the only issue I can think of. And that issue can be simply resolved by either a) requiring the user to use the 1Password X interface, or b) adding an option for supported platforms to use 1Password Mini (which I would definitely use, I love the new mini!).

  • Thomas_UThomas_U Junior Member
    edited April 11

    Thanks Lars, the fog is raising ;-)

    My first follow-up questions (more might come):

    1. Is 1PX started automatically when I start 1PMac?
    2. Do I need to shut off the browser-extensions for 1PX to work properly so I can test? – I'm using Safari, Chrome and Firefox in parallel, all with 1P-extensions.

    I am using the 1password.com account
    macOS 10.14.4 (18E226) · 1Password 7 Mac - Version 7.3.BETA-10 (70300010) - AgileBits Beta

  • LarsLars Junior Member

    Team Member
    edited April 11

    @Thomas_U
    1. No. It's started when you start your browser, like any extension.
    2. Short answer: yes. Shut off the existing 4.7.3.90 extension(s) in Chrome and Firefox.

    Slightly longer answer: there is not now a 1Password X client for Safari, because of decisions made by Apple about what standards to adopt in designing it. Put simply: the necessary standards upon which 1Password X was built were adopted by most other major browsers, but not by Apple when designing Safari, and I'm not sure this will ever be surmountable. If you use Macs primarily and use Safari as your "daily driver" on them, 1Password X is likely not going to be in your future unless you're willing to switch browsers to either Chrome or Firefox, or one of the Chrome derivatives like Vivaldi or Brave. You CAN run both the existing 4.7.3.90 extension and 1Password X in Chrome or Firefox..but I wouldn't recommend it, partly because it's not necessary and partly because it can cause conflicts and unexpected behavior. Long story short: if you have local (standalone) vaults, you'll want to stick with the existing extensions you already have installed. If you use Safari, you'll have to stick with the existing extension, at least for the foreseeable future. If you use Chrome or Firefox, then feel free to experiment! :)

  • Thomas_UThomas_U Junior Member

    I deleted the old extension from Chrome. For a login test I clicked the 1P-macOS-menu-icon and was prompted to install 1PX. Very fine - all features from the video are there!

    In Firefox I found no extension on the add-ons/extensions page but the old icon was there and worked as expected.
    I installed 1PX PasswordManager and it shows on the extensions page. The new icon sits next to the old one in the toolbar but does not work.
    So: Where is the old extension hiding and how can I kill it?

  • LarsLars Junior Member

    Team Member

    @Coder256 - thanks for the question/suggestion. The answer's not as straightforward as it might seem, so bear with me here and I'll try to rein in my tendency toward wordiness. ;)

    One question I have is, why can't 1Password X fully replace the desktop browser extension?

    That's actually been the passion of Dave Teare for a while now: to have 1Password X replace the desktop browser extension...but not in the way I think you're envisioning. Since releasing the 1password.com server backend, it's quickly become not only the best but also far and away the most popular way for newer users to use 1Password. As time goes on, there are fewer and fewer users who still have standalone 1Password data (which is the only way you'd need the "requires companion app" 1Password extension. So in a sense, 1Password X can replace what you called the "desktop browser extension"...by superseding it for the vast majority of users. New features being tested in beta, like Native Unlock - allowing 1Password X to unlock 1Password for Mac - will make the use-case for the older extension even more limited to those who continue using standalone 1Password.

    I know part of the reason is that the desktop extension uses 1Password Mini, and 1Password X has its own interface, but that is the only issue I can think of.

    If it were just that, things might be easier indeed. The underlying issue here is that both 1Password X and 1Password for Mac are essentially clients; they understand how to talk to the 1password.com server and exchange information that way (server - client model). 1Password X has no code to support syncing to 1Password for Mac, and 1Password for Mac has no code to support syncing to an extension (the extension you see in Safari, for example, has no UI of its own; what you see is the 1Password mini. The extension itself is more or less a dumb conduit for the mini). Creating code to allow syncing of 1Password X with local vaults would be a non-trivial amount of work, to put it mildly. We can't just re-use the code from the existing 1Password mini in 1Password 7 for Mac, and neither 1Password for Mac nor 1Password X knows how to behave as server.

    Could it be done? Of course, eventually. There isn't much we can't do that doesn't violate the laws of physics or the rules of the OSes for which we develop. Possibly it couldn't be done by modifying the existing codebase, but given enough time and resources (specifically, developer hours), we could likely accomplish it one way or another. But that's where "possible" diverges from "feasible" and "advisable." As fewer and fewer users continue to maintain standalone vaults, the cost/benefit ratio of such a large undertaking just stop making sense; the number of users who would even potentially be able to make use of this continues to shrink, and those who would actively WANT such a thing is an even smaller number, especially when there is already a perfectly-serviceable extension to accompany the native app for local vault support. The result of all those considerations adds up to this being something I would guess is very unlikely to happen. There are just too many other projects we'd like to pursue to make 1Password better for a much greater number of 1Password users, which would have to be put aside to devote resources to this, to make this something we'd consider attempting without a much larger groundswell of interest in it. Hope that answers your question, but feel free to ask any follow-ups. :)

  • LarsLars Junior Member

    Team Member

    @Thomas_U - Firefox's Tools > Add-Ons menu should get you there; click the Extensions tab in the left sidebar, then you can remove any existing extension. :)

  • Thomas_UThomas_U Junior Member

    There was nothing on the Extensions page but I had old and new 1P icon in the toolbar, the old one working and the new one not. I completely wiped Firefox and all associated files and reinstalled it from scratch, then installed 1PX Manager. Now everything is working just as it should.

  • ag_anaag_ana

    Team Member

    Thank you for letting us know @Thomas_U! I am happy to hear that things are working again :)

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • clausclaus Junior Member

    Hello, I also wondered what 1Password X is, thank you for the details.
    I understand it as "more is done inside the browser" by reading from/sending to the 1Pwd-server and not from/to the local app. If this is correct I must admit that I have a bad feeling using it. How can you (or I as a user) be sure that no browser add-on or just a website is not tracking what 1Password is reading/sending/doing (well, if it makes a difference if its the server or the app). Ok, I did not read all comments (and those by Lars, who is a TM of Agile) and I am sure Agile thought and did a lot about and to protect all data. Greets, Claus

  • LarsLars Junior Member

    Team Member

    @claus -

    I understand it as "more is done inside the browser"

    More like "everything is done inside the browser." If you have a 1password.com account and you install 1Password X into Chrome, Firefox or any of the Chrome derivatives (Brave, Vivaldi), you don't even need to install the native 1Password for Mac application. Such a setup (1Password account plus 1Password X in a browser) is a self-contained system. Or it can function as one.

    If you're curious about 1Password security when using a 1password.com account, I'd recommend the full 1password.com security white paper. It's an excellent and very in-depth resource for users to check how 1Password works to keep your data private and secure. Feel free to ask questions. I will say more generally that if your system has been compromised, depending on the level of control gained, there will be things we can do nothing about; once an attacker has gained the ability to execute arbitrary code running as root, your computer can no longer truly be considered "yours." There's a limit to what 1Password can protect against, and that's why we say that security is a process and not a product -- you have to exercise good judgment and follow best practices like not clicking attachments in emails from senders you don't know (or even be careful of suspicious-looking ones from senders you DO know), only install apps from trusted sources such as identified developers and App Stores, and numerous other practices that are well outside the scope of this forum. The basics are what they've always been: stay alert, choose a good Master Password and don't share it with anyone else, don't leave your computer unattended and running, and other precautions. In conjunction with such user-practices, 1Password offers a high level of security for your most-important data.

  • clausclaus Junior Member

    Dear Lars, thank you for these clear words. And a "Sorry" for what I wrote in my last comment. I wanted to say that I read most of the comments quick (and also yours where you go deeper into 1Pwd X). I did not want to say that I have not read yours!
    Ok, I will have a look at the white paper, I will read it and understand little bit more what happens under the surface.
    For me like with many other things I need some time for news and changes - I need to see if it works and how it works. But then, after doing the change I am almost always happy with those. Greetings & Takk from Reykjavík!

  • LarsLars Junior Member

    Team Member

    @claus - as always, you're most welcome. :) Don't hesitate to ask any questions.

  • @Lars - one question: where you said "don't leave your computer unattended and running", are you talking about where there are other people around? Or, in general running (connected to the internet), while you are watching TV or out?!

  • BenBen AWS Team

    Team Member

    @onamac

    From a security perspective ideally any time you're not seated at your computer it would require a password in order to use.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file