[HN Gopher] 1Password Has Raised $620M
___________________________________________________________________
1Password Has Raised $620M
Author : andrewdutton
Score : 586 points
Date : 2022-01-19 14:28 UTC (8 hours ago)
(HTM) web link (blog.1password.com)
(TXT) w3m dump (blog.1password.com)
| mlindner wrote:
| 1Password lost me when they went subscription model and required
| mandatory servers on their system to keep it running. It went
| from being one of the best password storage solutions to one of
| the worst. I'm still using 1Password 6 as that was the last
| version which could run offline.
| bluescrn wrote:
| In the pre-cloud days, Dropbox was the go-to option for syncing
| 1Password. But Dropbox have also restricted their free offering
| (3-device limit) since then.
|
| I didn't mind paying for 1Password so much, it does its job
| well across multiple platforms and devices, and it got me away
| from some very bad password habits.
|
| But I don't use Dropbox any more.
| fideloper wrote:
| Microsoft should buy them.
| fjni wrote:
| Use a tiny portion of that to continue support for local, non-
| cloud-based vault files please.
| alexnewman wrote:
| I switched from pass to 1password because my family kept on
| losing the password. 1password family plan is badass.
| peruvian wrote:
| Good for them, but not sure why they need so much money for a
| 100% paid product.
| goatcode wrote:
| Is there any practical way for anyone but the user to access any
| of the stored info?
| germinalphrase wrote:
| Has anyone migrated easily between password managers? Manually
| entering my (hundreds?) of unique logins/passcodes would be quite
| a chore.
| cupofjoakim wrote:
| When I went from lastpass to bitwarden I could simply export
| all my passwords to a json file and import them to bitwarden. I
| think it took like five minutes or something like that.
| simon1573 wrote:
| Bitwarden is a really nice password manager. It can import from
| 1Password: https://bitwarden.com/help/article/import-
| from-1password/
| beart wrote:
| Bitwarden has an import option that will pull from a lot of
| other password managers. However, it definitely isn't perfect.
| jwineinger wrote:
| What parts don't you like? I'm considering migrating to
| something else after this news
| npteljes wrote:
| 1Password seems to have an Export function which can agree with
| the KeepassXC's Import one, for example.
|
| https://ryannickel.com/html/migrating_from_1password_to_keep...
| PapaSpaceDelta wrote:
| I recently migrated from 1Password using Dropbox for sync, to
| KeePassXC (Windows, Linux & Mac) and Strongbox (iPhone & iPad)
| still using Dropbox.
|
| Migration was a simple matter of exporting a CSV and then just
| correctly selecting the column order for KeePass import.
|
| For those who don't want to trust a third party, even with
| their encrypted data, I believe that home NAS sync-when-
| available is possible - I personally haven't tested the
| implications of syncing changes from multiple devices at the
| same time in that scenario.
| rcarmo wrote:
| I exported successfully from 1Password 6 onto Secrets and
| KeePassXC. Only thing missing were software licenses (some
| attachments may not carry over correctly or show up as notes).
| andrew_eit wrote:
| I can see the use case for these online password apps.
|
| But I can't for the life of me understand why KeePass isn't the
| defacto gold standard.
|
| It's secure, open source and you have control over the data. I
| would never for the life of me think of storing my important
| passwords with a company ever. Am I over reacting?
| fmakunbound wrote:
| Am I missing anything with 1Password, already using Bitwarden?
| tempodox wrote:
| This kind of announcement tends to ring all kinds of alarm bells
| for me. What kinds of changes should we expect to make those huge
| investments worthwhile for the investors?
|
| My 1Password installation is grandfathered from a time when it
| was just a standalone app, without subscription. Will it just
| stop working one day to bully me into subscribing? Can you even
| start using 1Password these days without buying a subscription?
| I'll have to start looking for alternatives today.
| deagle50 wrote:
| Apparently v8 is subscription-only.
| casenjo wrote:
| Unfortunately yes. You'll still be able to use your license but
| once that version becomes incompatible with your OS you won't
| have a choice but to upgrade. I'm disappointed I won't be able
| to keep the Dropbox sync in 1Password 8. They did have this
| survey to gauge interest in self hosting it:
| https://survey.1password.com/self-host/
| MAGZine wrote:
| The Dropbox integration to me became worthless after Dropbox
| limited the number of devices it would sync to on the free
| plan.
|
| If I can't have my passwords everywhere, then the value
| delivered drops off a cliff
| mdaniel wrote:
| I don't have the old version installed anymore in order to
| check, but I _thought_ that 1P only required that you
| authenticate to Dropbox (since the app just uses the
| Dropbox API for polling and to pull down changes), not that
| you turn on syncing. I mean, it 's possible Dropbox is so
| sick they count a signin as a new device, but that would be
| a grave disappointment
| frosted-flakes wrote:
| You can sync local vaults any which way. I personally use
| Syncthing, but any file syncing service would work.
|
| On another note, I've been using 1Password for years, for
| free. The mobile app can edit local vaults without signing
| in, and the desktop program can view local vaults in read-
| only mode. If I want to edit or add a password, I do it on
| my phone--it's not worth $150+ to be able to do it on my PC
| a few times a year.
| ojilles wrote:
| Filled it out, likely not to move any needles, but at least I
| did a thing. Thanks Casenjo for pointing out the survey.
| cletus wrote:
| Back in the early smartphone days one of the last mobile games
| that I recall that simply cost money and didn't nag you for in-
| app purchases was Angry Birds. You may be tempted to correct me
| because modern Angry Birds looks nothing like this. Trust me, it
| was once $1-5 and that was it. And it was pretty popular for a
| time.
|
| Anyway around this time Rovio (the game studio) raised $42M [1]
| and I distinctly remember thinking "well that's a huge mistake"
| and "this is the end".
|
| Companies that produce creative content just don't scale in a way
| that's compatible with VC. I include game studios and content
| creators like Netflix in this. Netflix is a prime example of how
| you just can't throw money at creating content and become HBO.
| While I agree with Netflix's need for original content, it's
| become so expensive that their monthly subscription is now too
| expensive for many to just have and ignore (with the recent price
| hike it's more expensive than HBO Max).
|
| Anyway, I use 1Password having previously used LastPass and pay
| for it. I have a bad feeling about this funding round because
| what can possibly justify it?
|
| To those who argue there are free alternatives, that's true but
| any I've used just aren't as good. It's not just generating and
| storing a password and filling out a form. So many companies have
| subtleties that make this annoying. Maybe it's the username on
| one page and then password on another. Or the form filling out is
| incompatible with some shitty Javascript or whatever. This is the
| real value of 1Paswword.
|
| And can I just complain for a second about how some sites (I'm
| looking at you American Airlines) add a third field (surname for
| AA) for no reason whatsoever, which is just awkward for a
| password manager.
|
| I did learn from this post about the Fastmail integration to
| automatically create one-use passwords. This is a feature I've
| long wanted and I'm surprised that Gmail doesn't do this because
| it seems like such an easy win for users. I may have to sign up
| for that.
|
| [1]: https://www.reuters.com/article/rovio-accel/angry-birds-
| crea...
| rcarmo wrote:
| Friendly reminder that I have a list of alternatives here:
|
| https://taoofmac.com/space/apps/1password
|
| (I am now using Secrets while trying out iOS-friendly KeePass
| implementations)
| drcongo wrote:
| Secrets was my favourite out of every password manager I
| tested, it's like 1Password before they started removing core
| functionality and implementing useless features requested by
| someone in marketing. It's only missing the ability to have
| shared vaults which sadly is key to my needs.
| rcarmo wrote:
| And for me, a Watch app :)
| teewuane wrote:
| I love 1password :)
| MattGaiser wrote:
| 1password handed out a $70 off $70 purchase (or the approximate
| cost in CAD of their family plan) Amex credit last year. Paired
| with Rakuten, I made a profit by purchasing it. Now I can see why
| they did it.
| fxtentacle wrote:
| "1Password Has Raised $620M"
|
| Ah fuck. They now need to grow at any cost to earn all that money
| back. And they'll throw their users under the bus, if they have
| to, because it's either grow like a unicorn or go bust.
|
| Also, I sincerely have no clue how a password manager could be so
| expensive. Last time I checked, the excellent KeePassXC was still
| free open source and developed by volunteers in their free time.
| How come 1Password needs the equivalent of 7750 years of $80k
| annual salary to build the same?
| momenti wrote:
| It's so valuable because knowing lots of people's passwords is
| useful for mass surveillance, cyber attacks, industrial
| espionage etc.
| p2t2p wrote:
| I just hope Apple's password management will finally catch up
| by the time 1Password goes to toilet.
| xfz wrote:
| > Ah fuck. They now need to grow at any cost to earn all that
| money back. And they'll throw their users under the bus, if
| they have to, because it's either grow like a unicorn or go
| bust.
|
| Agreed, an outbreak of featuritis is almost guaranteed. The
| core product works well for the job intended, but I don't want
| to be bothered with an expanding scope and the inevitable spam
| promoting the features that I don't really need.
| Joeri wrote:
| The move to an electron client was a clear indication they
| intend to add lots of features. If they were more or less
| feature complete they would have not bothered with an
| electron rewrite.
| chrisma0 wrote:
| Big fan of KeePassXC
| (https://github.com/keepassxreboot/keepassxc). Works
| wonderfully on MacOS. I guess 1Password is a bit snazzier, but
| I'm really not sure what you would use $620M for in a password
| manager...
|
| Maybe they'll go the Keybase route and integrate some crypto?!
| (https://keybase.io/blog/keybase-stellar-launch)
| chipotle_coyote wrote:
| > Maybe they'll go the Keybase route and integrate some
| crypto?!
|
| Well, congratulations, you just proposed a scenario that
| would make me consider leaving 1Password after all. :)
|
| Seriously, I _am_ somewhat concerned at this level of VC
| money injection; I 'm not intrinsically against venture
| capital or such, but investors (obviously) want a return on
| their investment and it's hard to imagine how you get a
| return on _that much_ investment with just a password
| manager, even one that 's a subscription service.
|
| (I am also not intrinsically against crypto and wouldn't
| really abandon a service just because they do something that
| involves it, but most blockchain technology continues to feel
| like a solution in search of a problem. That's another
| discussion, though...)
| NoThisIsMe wrote:
| I think BitWarden is a better comparison -- it's SaaS (and
| thereby dead simple to get set up w/ cloud sync), but it's
| reasonably priced with a solid free tier, and open source to
| boot.
| qbasic_forever wrote:
| It's more like they need 3750 years of $80k salary and 100
| years of ~2.5 million salary for a dozen execs and board
| members.
| maxwell86 wrote:
| > I sincerely have no clue how a password manager could be so
| expensive.
|
| So you can't imagine how owning the passwords of all services
| of dozens of millions of users, both private users and
| corporate accounts, could be valuable?
| AlexandrB wrote:
| > So you can't imagine how _owning_ the passwords...
|
| Emphasis mine.
|
| That's the thing that bugs me about 1Password's recent moves.
| They don't _own_ my passwords and I don 't want them to own
| them. They're _my_ passwords, and I want to store them how I
| want. Not be at the whims of 1Password 's business strategy.
| john_moscow wrote:
| >How come 1Password needs the equivalent of 7750 years of $80k
| annual salary to build the same?
|
| It will go to all-expense-paid trips, consultancy fees and
| other things you need to eventually get acquired for $10B+ by
| one of the big players.
|
| Or maybe, they will pivot, spend $300M on advertisement, so
| every grandma gets to know the brand name, and will then do an
| IPO, presenting it as the next opportunity of lifetime to the
| unsophisticated public.
|
| This is how you make money in the post-2008 world. The actual
| old-school profitability has been out of the picture for quite
| a while now.
| ojr wrote:
| So correct but also post-2008 underrepresented founders need
| profits more than ever because they don't fit the narrative,
| applications like Canva being female-led and Calendly having
| a black male CEO are examples.
| colesantiago wrote:
| They were profitably bootstrapped for years and then chose the
| VC route, no clue why but perhaps the founders wanted a huge
| pay package.
|
| Then things went downhill.
| dilap wrote:
| Spot on. What's the best thing to migrate to?
| [deleted]
| WaxedChewbacca wrote:
| sunsetandlabrea wrote:
| Bitwarden for me. I've been using 1Password from around 2013
| I think. I didn't buy into their subscription model so
| they've been gouging me with difficulties and cost in buying
| upgrades for a few years.
|
| Apparently they have 500 members of staff these days, and
| millions and millions of investor dollars. Apart from
| maintaining browser extensions, for my own personal use I've
| not noticed a single interesting feature in recent years.
|
| I moved to Bitwarden when the electron thing was announced,
| haven't paid any subscription yet and seem to have all the
| features I used before in 1Password. Bitwarden is very much
| recommended and I wouldn't recommend 1Password to anyone
| these days.
| wilkommen wrote:
| KeePass
| nanna wrote:
| KeePassXC
|
| https://keepassxc.org/
| npteljes wrote:
| BitWarden has a similar feature set as far as I understand
| it. You can even host it yourself.
| qbasic_forever wrote:
| Keypass + Syncthing to get the database on all your devices.
| This combo has worked flawlessly for me for over 5 years now.
| I sync to all kinds of devices too including android phones.
| jillesvangurp wrote:
| Bitwarden for private password managers and something keepass
| based for shared passwords in small teams works great. We use
| Keeweb with a keepass database on a shared Google drive. I
| put the master password for that in Bitwarden.
|
| I guess for bigger enterprises you might like something with
| a bit more fine grained access control and auditing features.
| E.g. rotating the master password is a bit of a PITA. I
| actually did that this morning because somebody in our team
| left.
|
| Most companies would want some kind of solution and most
| bigger companies would likely end up paying for something.
| chaorace wrote:
| I'll vouch for BitWarden. You can self-host or use their
| cloud offering. The server software and all of the clients
| are open source.
|
| I've personally been using the cloud offering for several
| years now and feel quite satisfied with it. The free tier is
| generous, the premium tier is very affordable, and I can
| export my data to a self-hosted instance anytime I like.
| kspacewalk2 wrote:
| Because cloud and enterprise.
|
| Sure, labour costs are expensive in our industry. But it's
| under-appreciated that once you need physical infrastructure,
| sales and enterprise support, that really tends to eat into
| your millions.
| chrisshroba wrote:
| Please excuse my ignorance about this, but what do "cloud and
| enterprise" costs entail? Password managers seem to me like a
| pretty basic CRUD app. I'd imagine the average user has a few
| KB's max stored, and data transfer is presumably very small
| (no images/video/other binary data). And enterprise users are
| presumably running the infra on-prem so I'd think the main
| costs have to do with support.
|
| Is marketing the thing with the huge price tag, or are there
| other huge costs I'm not thinking of?
| Spivak wrote:
| I'll use a past life as an example; 150 person company --
| 20ish people in engineering total: 5ish on doing infra, and
| 3 dev teams of 5ish working different verticals.
|
| Then you have leadership, sales, marketing, HR, finance,
| support, and retention. By a huge margin sales, support,
| and retention were the largest. B2C is marketing heavy, B2B
| is sales heavy. If you're both then well..
|
| Engineering can be really lean with respect to the number
| of customers/clients but the rest of the business can't.
| fps-hero wrote:
| Could you even raise those funds If you sold every password
| they control on the dark web?
| city41 wrote:
| > How come 1Password needs the equivalent of 7750 years of $80k
| annual salary to build the same?
|
| Can't you say the same about Linux vs Windows, Gimp vs
| Photoshop, PostgreSQL vs Oracle, Godot vs Unity, etc?
| devwastaken wrote:
| Yep, this will go the same way as LastPass sadly. This kind of
| company must have a steady positive revenue stream from it's
| customers. If not, it is not reliable. They will not be paying
| this back any time soon.
|
| Fine by me, 1password was too expensive to begin with. Sad to
| see they're wasting it.
| jonathankoren wrote:
| >And they'll throw their users under the bus
|
| They already through their consumer users under the bus when
| they switched to a subscription business.
|
| I haven't upgraded since v6, and I plan to avoid it as long as
| I can.
| baryphonic wrote:
| > Also, I sincerely have no clue how a password manager could
| be so expensive. Last time I checked, the excellent KeePassXC
| was still free open source and developed by volunteers in their
| free time.
|
| Because 1Password is easy enough to use that my wife and I can
| share a family plan without her getting frustrated. If one of
| us has a login the other needs, we can easily share it. When I
| evaluated KeePass, the Wife-Acceptance Factor (WAF) was not
| there, though maybe it's improved.
| InvaderFizz wrote:
| There is the WAF. There is also the part where when I
| evaluated KeePassXC two months ago, the browser plug-in would
| constantly desync and require a full page refresh and
| entering my master password.
|
| With 1Password, I also have to reauthenticate all the time,
| but unlike KeePass, TouchID works.
| yborg wrote:
| TouchID works fine for me in KeepPassXC. You have to turn
| on the option.
| tibiahurried wrote:
| We use BitWarden and it is free. $620M for a password manager
| is nuts.
| amir734jj wrote:
| Agreed. It's beyond nuts evaluation at this point.
| qwertyuiop_ wrote:
| All that Fed money supply has to go somewhere.
|
| https://fred.stlouisfed.org/series/M1SL
| dahart wrote:
| BitWarden is not free if you compare apples to apples, and
| sign up for the same features including cloud hosting, 2FA,
| and family or enterprise accounts.
|
| $620M isn't for a password manager, it's financing for a
| business with an enormous and growing user base.
| TaXaZ wrote:
| Bitwarden is free for individuals and couples. So, it's
| free user-friendly (WAF!!) wise [0] in comparison to
| 1pass [1]. But much more important thing is the fact that
| bitwarden is open source and 1pass not. Closed source is
| deal-breaker for me.
|
| [0] https://bitwarden.com/pricing/ [1]
| https://1password.com/teams/pricing/
| wutwutwutwut wrote:
| Bitwarden free edition is free. The free edition is
| crippled and doesn't support Yubikey among other things.
| toyg wrote:
| "Crippled" is a big word. It does everything that KeePass
| would do, for example; it only falls short when it comes
| to sharing passwords among a group or family (you can
| send a secret via BW Send, but you cannot have a shared
| store unless you pay for Premium).
|
| Yubikey and its likes are advanced features that the
| overwhelming majority of regular users will never need.
| wutwutwutwut wrote:
| It is? I thouht it was the proper word to use to describe
| software which has limited features in free version so
| they can sell commercial licenses.
| borski wrote:
| "Limited" is better. "Crippled" has a negative
| connotation when it comes to software.
| ziml77 wrote:
| I thought that it had all the same features, just not
| cloud sync. As far as I know the Yubikey is used for
| authenticating with their sync server. It doesn't
| actually help with the encryption
| commoner wrote:
| Bitwarden's free plan does have end-to-end encrypted
| cloud sync with no device limit. The free plan lacks TOTP
| support, but Bitwarden's $10/year plan does include TOTP
| support and is cheaper than 1Password's $35.88/year plan.
| Bitwarden is also open source, while 1Password is not.
| wutwutwutwut wrote:
| Bitwarden free has TOTP.
| commoner wrote:
| I'm referring to Bitwarden Authenticator, which stores
| TOTP secrets and displays 6-digit codes like Google
| Authenticator does.[1] This feature requires a Bitwarden
| Premium account, with the $10/year plan being the
| cheapest option.[2] (Self-hosting through Vaultwarden is
| another option.[3])
|
| This is separate from having TOTP 2FA on the Bitwarden
| account itself, which is available on the free plan.[4]
|
| [1] https://bitwarden.com/help/authenticator-keys/
|
| [2] https://bitwarden.com/pricing/
|
| [3] https://github.com/dani-garcia/vaultwarden
|
| [4] https://bitwarden.com/help/setup-two-step-login/
| mbesto wrote:
| For something as important as protecting passwords, why
| on earth would you want something that _is_ free?
| cycomanic wrote:
| Well let me ask the much more obvious question, for
| something as important as protecting your passwords, why
| on earth would you go with a proprietary service where
| you have no idea about the security, that could take away
| your access at a whim without any recourse for you?
| sebastien_b wrote:
| Because much like privacy, password security shouldn't
| always be only a premium option.
|
| Plus like the parent said, proprietary code is a deal
| break for lots of people.
| mbesto wrote:
| > Because much like privacy, password security shouldn't
| always be only a premium option.
|
| So then who foots the bill? Password managers are the
| duct tape used to protect a user _because_ we don 't
| inherently trust application providers.
|
| > proprietary code is a deal break for lots of people
|
| Sort of. First, "lots of people" seems like "lots of
| people" because we're on HN. The wider population doesn't
| care whether your application is proprietary or not -
| they just want something that works. Apple's wall garden
| is proof of this. Second, you can still charge for a
| product _and_ it be open source. An application being
| open source simply provides an audit log of the code and
| allows for "wisdom of the crowd" when it comes to bug
| and security issues. So yes I agree that having a
| password manager be openly auditable is a great feature,
| but I (and many others) likely would rather have the
| features of strong UX and known tenure (OSS tools get
| abandoned all of the time) then we would having an
| auditable source code.
| sebastien_b wrote:
| > _So then who foots the bill?_
|
| Whoever wants to pay. Doesn't mean a product should be
| dismissed simply because it's "free".
| commoner wrote:
| Bitwarden does charge for certain features like TOTP
| support, organizations, and enterprise features. They
| manage to have subscription income while remaining open
| source, whereas 1Password chooses to keep its code closed
| source.
|
| If you are saying that Bitwarden is worse because it
| offers a free plan, I disagree. It's nice that Bitwarden
| offers a security-audited* password manager to those who
| can't afford a subscription, who aren't ready to pay for
| one, or who don't have the means to make payments online.
| Unlike 1Password, Bitwarden is not pressured to deliver
| high returns to venture capital firms, and Bitwarden can
| focus on providing its product to its users at superior
| price points.
|
| * https://bitwarden.com/help/article/is-bitwarden-
| audited/#thi...
| sebastien_b wrote:
| > _Unlike 1Password, Bitwarden is not pressured to
| deliver high returns to venture capital firms, and
| Bitwarden can focus on providing its product to its users
| at superior price points_
|
| Well said - and this is the important part of the 'non-
| proprietary' argument of mine (above) - right now I
| consider 1Password's real customers being their
| shareholders/investors, _not_ its users - the users are
| just another tool they use to bring value to their _real_
| customers (investors,etc.).
|
| BitWarden's customers are their actual users.
| mbesto wrote:
| > If you are saying that Bitwarden is worse because it
| offers a free plan, I disagree.
|
| For the record, I'm not. The overall discussion was that
| charging for a product was somehow bad. Bitwarden _does_
| charge for their product, just at higher tier levels. My
| bigger point is that you do want a provider that is going
| to stay solvent so charging money (which Bitwarden also
| does) is not some perverse way of satisfying customers.
| xfer wrote:
| People and businesses are storing their data that these
| passwords protect using free operating systems.
| ValentineC wrote:
| I'm looking forward to Bitwarden implementing multiple
| account logins ("client profiles") [1] on their roadmap
| [2], before doing a gradual switch away from 1Password. Any
| time now!
|
| [1] https://community.bitwarden.com/t/account-switching-
| log-in-w...
|
| [2] https://community.bitwarden.com/t/bitwarden-
| roadmap/12865
| fredley wrote:
| Yup. In fact just today my partner was struggling witha
| problem with 1Password that she uses at work, asking why it
| wasn't as simple as BitWarden.
| skinnymuch wrote:
| That's likely because they are used to BW first and was
| learned at home. This sort of "phenom" happens all the
| time and is not only about the actual product.
|
| There will be exact examples of the opposite happening.
| decrypt wrote:
| I like Bitwarden too, but can't dismiss the fact that
| 1Password is superior to Bitwarden in many ways:
|
| - Mobile UI is beautiful on 1Password.
|
| - The UX from creating a password entry to auto-filling is
| easily better on 1Password. Bitwarden doesn't show autofill
| entries on login forms yet. That's a deal breaker, at least
| for me.
|
| - Account recovery via a trusted family member.
|
| - Additional security measure: private key in addition to
| master password.
|
| Personally, the 35 USD fee is justified.
| arrosenberg wrote:
| > Bitwarden doesn't show autofill entries on login forms
| yet. That's a deal breaker, at least for me.
|
| I was able to enable that in the settings, but I've found
| it very hit or miss compared to when I used LastPass.
| decrypt wrote:
| I meant the overlay popup interface which is still in the
| works:
|
| https://community.bitwarden.com/t/overlay-popup-
| interface/14
| josephd79 wrote:
| Bitwarden has all those features you listed. I use it
| every day.
|
| You can setup a trusted family member. You get a master
| password and private key incase you can't access 2fa. You
| can setup autofill entries. UI/UX are opinions.
|
| You pay $40 dollars a year for Family, $10 a year for an
| individual. Cheaper than 1password.
| decrypt wrote:
| I meant the overlay popup interface by autofill on login
| forms:
|
| https://community.bitwarden.com/t/overlay-popup-
| interface/14
|
| Noted about trusted family members on Bitwarden.
|
| I don't understand the private key part for Bitwarden. I
| am referring to the one here:
|
| https://support.1password.com/secret-key-security/
|
| Is there an equivalent for Bitwarden?
| folkhack wrote:
| Hopping aboard to add that Bitwarden does in fact have
| all of those features. It's disingenuous of parent
| comment to imply/claim otherwise.
|
| Sure the UI/UX is a bit basic... but honestly most of us
| should prefer that.
| throwaway64643 wrote:
| You think they'll keep that price for forever?
| hotpotamus wrote:
| I bought Lastpass when it was $12/year. Over the years
| and after being acquired, they tripled the price. I miss
| when technology used to decrease in price and provide
| better functionality.
| decrypt wrote:
| Hopefully so, but I'd be willing to pay even upto 100
| USD. I store a lot of things on 1Password these days that
| it's very hard to give up, and very convenient. It's not
| just passwords; medical documents, credit card details,
| passport, certificates, private notes.
| cgriswald wrote:
| They certainly won't. They used every trick in the book
| to get those of us who bought their standalone, one-time
| fee software to subscribe.
| aweiland wrote:
| Same. Works great for my wife and I.
| ryall wrote:
| It's funny you mention WAF because that's exactly what kept
| me away from 1password.
|
| I loved almost everything about 1P but their reluctance to
| authenticate with keychain means it's a PITA for me, and an
| absolute deal breaker for my wife.
|
| Has this changed or do you still have to enter your 1P
| password every time you log in or your session times out?
| textcortex wrote:
| I think VCs are also making their decisions based on that
| "WAF" factor.
| lkxijlewlf wrote:
| bigyikes wrote:
| Sounds like the Lkxijjlewlf Acceptance Factor (LAF) is also
| very low. You have something in common with the parent's
| wife!
|
| The parent did no shaming; as you pointed out it's
| extremely reasonable to not want to jump through hoops. Any
| shame is projected by yourself.
| kdmccormick wrote:
| Yeah, GP's acronym ain't great. But if you sub out "wife"
| for "significant other" or just "family" then you have to
| admit that this is a real phenomenon.
|
| I use pass [0]. To me, it is the best password manager that
| I've ever used. Command-line-first, free & open source,
| built on git... it's great, and suits all my needs. From
| the perspective of someone who spends most of their day
| behind a CLI, it is "simple" and "just works" more than
| anything else.
|
| But it's not going to work for my significant other, who is
| very intelligent but isn't a software engineer. They're not
| going to learn git so that they can manage passwords, and
| the app doesn't abstract away git enough for them to avoid
| needing learning it. Hence, despite its merits, it fails
| the "SO acceptance factor" or whatever you want to call it.
|
| [0] https://www.passwordstore.org/
| rrrrrrrrrrrryan wrote:
| I always thought the term was at least a little self
| deprecating; it definitely and doesn't mean "dumbed down so
| the stupid wife can actually use it."
|
| There are a lot of technical enthusiasts and hobbyists,
| mostly dudes, who optimize for dumb parameters that nobody
| in the real world actually cares about. In this case,
| setting up a clunky, but fully open source password
| manager, when there are alternatives with objectively
| better UX available for relatively cheap (considering you
| use the thing many times each day).
|
| In the home theater world, for a long time guys would brag
| about the disgusting monstrosities they've jankily hooked
| up in their living rooms, but a setup with high WAF means
| building something that's actually aesthetically appealing
| and congruent with the interior decor, hidden cords, not
| having to switch between 4 remote controls, etc.
|
| But you're right - it should probably be SAF (Spouse
| Acceptance Factor).
| toyg wrote:
| SAF is taken by Sir Alex Ferguson, sorry mate
| wreath wrote:
| My wife has this problem. I have a bit more tolerance.
| There is no else I try to convince to use such software.
| WAF is accurate but because I don't run it by someone else.
| throwmeaway666 wrote:
| >I, a computer programmer who has more than enough
| intelligence >Stop blaming/shaming wives.
|
| It seems like it is you who is equating tech illiteracy
| with intelligence, pal. There is nothing wrong with being
| technically illiterate (most people are) and I don't think
| GP is shaming his wife because of it.
| Gwarzo wrote:
| Stop morality projecting on others. Having something your
| untechnical wife is willing/able to use matters.
| viscanti wrote:
| Same thing with email. Everyone COULD run their own email
| server but it's pretty clear most people don't want to. We
| also see it with tech companies running their own servers.
| Again they COULD runt heir own hardware (and some do) but
| it's pretty clear most companies don't want to. There are
| decades of examples of where people could run something
| themselves and having very strong preferences for using a
| centralized and more user friendly alternative. I don't
| know why we'd expect it to be any different here.
| fshee wrote:
| I wouldn't assume the phrase is casting a value judgement.
|
| I hear the phrase from time to time in aviation. "Have to
| sell the first plane" / "Doesn't pass the WAF" / "Wife
| thinks owning two planes it too expensive." I have no
| reason to believe these folks are not in a loving
| relationship.
|
| Nothing to do with intelligence.
| 4ggr0 wrote:
| If I may chime in, and sorry for acting like an annoying
| dude, but I also really dislike the term WAF. Of course the
| term makes sense if we look at IT and the world
| historically, but I don't get why in 2021 we still have to
| act like wives are tech illiterate by default, and also,
| what about women in IT who have tech illiterate husbands.
| [deleted]
| api wrote:
| Nerds continue to fail to grasp the value of UI/UX. This has
| _always_ been why FOSS and similar solutions have failed to
| compete in the market in spite of being "free" and often
| technically superior.
|
| UI/UX is everything. Apple became the most valuable company
| in history on the back of UI/UX alone. Their tech is decent
| but not _that_ much better than anyone else 's, but their
| stuff is at least marginally easier to use and that's worth
| more than the GDP of quite a few countries combined.
|
| The importance of user experience is only growing as the
| world becomes more and more time poor and we move more and
| more into an "attention economy." Saving _seconds_ counts. If
| it doesn 't work instantly it's broken, period.
|
| Here's two ways I can explain it:
|
| (1) If you value your time at $100/hour and you have to spend
| one hour a month maintaining something "free," that free
| thing costs $100/month. That's fairly expensive. It only
| makes sense to do this if you have a lot of surplus time on
| your hands.
|
| (2) If you have ten million users and make a UI/UX
| improvement that saves them one minute a month and you value
| their time at an average of $50/hour, you just created about
| $8.3 million in value since that's the value of the time you
| just saved.
|
| A rule of thumb that I use is that every step required to do
| something halves adoption. So if you have a 10 step install
| process, only 1 out of 1024 people who look at your product
| will make it to trying it.
|
| Every developer needs to have "user experience is everything"
| tattooed on their forehead.
| vbezhenar wrote:
| I ditched 1Password in favour of KeePass exactly because of
| UX issues. 1Password felt too magical and did too much
| implicit stuff to my taste. KeePass is dumb simple and
| that's what I need from password manager. I hope that its
| UX will not change.
| bengale wrote:
| This is accurate. We charge twice as much as our competitor
| and we consistently hear from customers that UI/UX is a
| massive part of the reason they choose our system.
| idkwhoiam wrote:
| Re #1. People normally maintain their dish washers, cars,
| and software off work hours.
|
| Edit: agree with the rest
| brimble wrote:
| > UI/UX is everything. Apple became the most valuable
| company in history on the back of UI/UX alone. Their tech
| is decent but not that much better than anyone else's, but
| their stuff is at least marginally easier to use and that's
| worth more than the GDP of quite a few countries combined.
|
| Huh, to me it's both. The UI/UX wouldn't be worth shit if
| their software ate battery like it was free, crashed often,
| was frequently janky, hogged resources to the point of
| being a problem, or all the fancy features underlying their
| UX didn't work pretty damn well without user fixing or
| intervention. Software quality is _part of_ why their UX is
| so good, not just design languages or whatever. You don 't
| get their level of auto-magic if you haven't done a whole
| bunch of things very right in the underlying code &
| architecture.
|
| They're far from perfect (practically all consumer-facing
| software is at least _kinda_ bad, IMO) and one can point to
| a handful of duds that they just can 't seem to get right
| (Xcode, for instance) but I'd put software quality as my
| _number one_ reason for using them, and I 'd point to that
| as an absolutely vital element in their UX being well above
| average. It's that _combo_ that no-one else seems able to
| touch--in fact, it often seems like no-one else is even
| trying, and I really wish they would.
| r_hoods_ghost wrote:
| I think you understate your case. A lot of nerds and nerd
| culture is actively hostile to making things easy to use
| and will intentionally erect banners and over complicate
| systems in order to keep "normies" out and make themselves
| appear smart.Its rather sad really.
| b3morales wrote:
| > If you value your time at $100/hour and you have to spend
| one hour a month maintaining something "free," that free
| thing costs $100/month. That's fairly expensive.
|
| This is quite true, but the counterpoint is that nerds
| _enjoy_ spending that time. We like opening the box, poking
| at the wires, seeing how the cogs fit together, and
| tweaking things endlessly. It would be a liability for a
| normie, but for a nerd whose interest is piqued it 's a fun
| Saturday project. This is why FOSS survives _despite_ the
| UI /UX problems.
| apozem wrote:
| Not the person you were replying to, but I completely
| agree. I had fun setting up my Raspberry Pi as a Plex
| host / torrent box / home server.
|
| Where us hobbyists go wrong is thinking any large
| percentage of customers want to do that. Any amount of
| futzing is too much. Most people want it to "just work."
| bjord wrote:
| I'm gonna frame this and put it on my wall.
| Sytten wrote:
| I made the same argument below but I was downvoted to hell.
|
| Bitwarden is not an alternative to 1Password that passes
| the wife/parent/elder test because the UX is so bad they
| need to call me everytime something isnt exactly working as
| before.
| cyberpunk wrote:
| Really?
|
| I mean, I have 1password for work, and Bitwarden for
| personal..
|
| Spot the difference: https://imgur.com/a/wJQBDjV
| Saris wrote:
| A few things come to mind (I use bitwarden myself).
|
| - "Folder: No Folder" is a bit confusing, it would be
| better to just require a folder when creating an entry.
|
| - Collections vs folders is also a little confusing
| unless you spend time to figure it out.
|
| - 1password shows the password reuse notice right there,
| instead of needing to go the web vault of bitwarden and
| specifically click on tools.
|
| - 1password shows the password strength right in the
| entry as well.
|
| - 1password has nicer display of the items in the vault,
| with sections by letter.
| kerng wrote:
| Unfortunately true.
|
| I really hope that Bitwarden improves their UI and UX,
| because I really want to like it. But their Collections
| and sharing feature is very unclear, especially once
| multiple people/orgs are involved.
|
| I'm afraid to use it because they co-mingle everything in
| UI and I dont accidently want to share a personal
| password with another org.
|
| Being worried of sharing a password accidently is very
| scary UX
| api wrote:
| You were downvoted to hell because nerds continue to
| refuse to understand this. At this point it's flat out
| denialism.
|
| This refusal to understand UI/UX goes way way back in
| hacker culture:
|
| http://catb.org/jargon/html/P/point-and-drool-
| interface.html
|
| This seems to be a general characteristic of enthusiasts.
|
| To design a good car for people other than car
| enthusiasts, you have to hate cars or at least be able to
| place oneself in the shoes of someone who hates cars.
| People who don't love cars want a car that makes them
| think about cars as little as possible. The purpose of a
| car is to carry you from one point to another, not to
| make you spend time on cars.
| Gracana wrote:
| Maybe name-calling and suggesting they should be
| mutilated isn't enough. What's your next step?
| api wrote:
| There isn't one. I will continue to say this, people will
| continue to ignore it, and the computing ecosystem for
| the average person will continue to be locked down by
| corporations that do not ignore it. Free, open, and
| privacy respecting technology will remain irrelevant
| outside enthusiast techie circles.
|
| It's a bit like climate change. Scientists will warn,
| people will ignore, and then we will abandon Miami and
| will probably blame the scientists.
| mjmsmith wrote:
| Having "tattooed on their forehead is a metaphor"
| tattooed on their forehead?
| Gracana wrote:
| Excellent, problem solved. I was thinking somebody would
| have to contribute UI changes to an open source project,
| but it turns out flaming people on the internet is much
| easier.
| ericd wrote:
| Maybe it's because Bitwarden's UX is actually quite good?
| I found 1password's to be substantially worse when I
| tried it a few years ago, especially on non-Apple
| devices. Perhaps that's changed, but for something so
| heavily touted for being well designed, I found it to be
| very disappointing.
| RHSeeger wrote:
| That's my thought, too. What about BitWarden's UI do
| people not like? It's simple to use and clear what
| everything does.
| abletonlive wrote:
| I can't stand nerds that fundamentally can't learn this
| nuance. It's like the biggest blind spot ever. There are
| just so many of them in the tech industry working as
| software engineers, which is why we have powerful tools
| that are a pain in the ass to use. It makes me hate
| software engineers, and I am one.
| DangitBobby wrote:
| Really? I use both (Bitwarden for personal, 1Password for
| work) and find the UI for Bitwarden to be more complete
| and consistent. Like if I want to edit a login item, I
| must open a new browser tab in 1Password. Not so in
| Bitwarden. I still can't figure out how to consistently
| trigger the workflow to add a new login for the current
| website automatically without opening a new tab in
| 1Password. You click "Add Login" in Bitwarden.
| desmondl wrote:
| Agreed, I used lastpass in 2016 and tried to switch to
| keepass. I'm more than technical enough to use keypass
| and sync a vault across all my devices, but I needed this
| to be as easy as possible. I know myself enough to
| understand if something doesn't feel as easy as humanly
| possible, I'm much less likely to use it. A decent chunk
| of people are not like this, which is why I believe there
| is this huge debate over "Keepass vs 1Password". But
| anyway, I switched to bitwarden and the UX was more than
| good enough for me. It "just works".
|
| I even started self hosting it this year and it continues
| to "just work" - although I don't recommend it to most
| people since I now have to manage a server. I was already
| self hosting a lot of other things last year (wanted to
| move away from google/apple services) so the "cost" of
| self hosting Bitwarden was negligible.
|
| Anyway I know I rambled a lot, but just wanted to chime
| in and throw in my opinion about bitwarden
| gregd wrote:
| Thank fuck someone said this.
|
| Most users don't want to tweak anything related to their
| phones, tablets, computers, watches. If everything your app
| does, isn't reachable within 1-3 clicks/swipes/presses,
| then forget it.
|
| Someone suggested using two versions KeePass files...one
| for shared passwords, one for not shared passwords. This is
| NOT a substitute for clicking Share Password and literally
| not doing anything else.
|
| Someone suggested storing all your passwords in the
| browser. This is NOT a substitute for having all of your
| passwords available at the app level on your iPhone. This
| is NOT a substitute for sharing passwords with your whole
| family.
|
| UI/UX is EVERYTHING
| ChrisMarshallNY wrote:
| Yup.
|
| I have been hearing about how X11/MOTIF will "end the
| Windows/Apple hegemony" for _decades_.
|
| I don't know how often I've heard "X Windows is just as
| good as Mac OS."
|
| It's like when your vegan friend keeps telling you that
| "Falafel tastes just like beef."
|
| They have never tasted beef (or they hated the taste), so
| they don't have anything to compare it to. X Windows is
| GUI, written by people that hate GUI.
|
| What could _possibly_ go wrong?
|
| All that said, it's a crazy amount of money, and I really
| feel that the only real work the password manager needs,
| is to be rewritten in native. Electron is less-than-
| excellent.
|
| They must have some kind of strategy that goes beyond
| just being a password wallet.
| leokennis wrote:
| Also, for some software "everyone uses" like e-mail or an
| office suite, you can afford maybe some complexity or
| annoyance. The alternative "do not use e-mail" or "do not
| use an office suite" is a no go for almost anyone.
|
| The alternative "do not use a password manager" is
| however totally common. So if you want to get someone
| with limited time or affordance for annoyance (like your
| wife) to use a password manager, the process of setting
| it up and using it better be very smooth and
| frictionless.
|
| 1Password is very good at that part.
| Gormo wrote:
| > Nerds continue to fail to grasp the value of UI/UX.
|
| Or perhaps nerds _do_ grasp the _negative_ value of anti-
| patterns in UI /UX, and _reject_ attempts to create
| interfaces and usage models that remove control from the
| user, create vendor lock-in, or compromise privacy and
| security.
| gburdell3 wrote:
| I think a better way of saying this is that "nerds" (i.e.
| power users, the type of people typically on HN) want
| different things out of their UI/UX than the average
| user. That's the beauty of having different solutions to
| choose from: the power user is free to use something like
| KeePass, where it's not as easy to use, but you can set
| it up exactly the way you like; and the "normal" user can
| go with something like 1P or LastPass for more of a "set
| it and forget it" model. The average user _doesn 't care
| one bit_ about the things that you mentioned.
| b3morales wrote:
| Absolutely; this is the key to the whole thing. It's
| explained at length in the classic _The Design of
| Everyday Things_. Nerds v. normies are given the monikers
| "Homo logicus" and "Homo normalis". The nerds value
| control, understanding, and are concerned with edge
| cases; they accept complexity, workarounds, and the need
| for preparation as the cost. The latter prioritizes
| nearly the opposite, preferring simplicity to control,
| and guaranteed if partial success for the need to
| understand/invest time.
| vagrantJin wrote:
| > Because 1Password is easy enough to use that my wife and I
| can share a family plan
|
| Haha. I'm pretty sure browsers build this feature in.
| a5aAqU wrote:
| I don't think browsers let you share passwords between
| users or multiple browsers. They probably don't let you
| store secure notes or add extra data about logins.
|
| 1password lets you share passwords with other people, even
| if they don't have a 1password account.
| red_hare wrote:
| I've never seen a "share with family member" feature with a
| browser storing passwords. Also, this means I and all of my
| family members need to use the same web browser.
|
| Using a 1password family plan is the only way I've been
| able to wrangle my parents across their slew of iOS, macs,
| Android, Windows, and Linux machines to stop typing in
| passwords.
| function_seven wrote:
| I'm a single user who needs to have my passwords available
| on my work laptop (Chrome), my own desktop (Firefox), and
| my phone (Safari, iOS Apps)
|
| No built-in browser password manager will handle that.
|
| I'm sure a family with multiple users and half a dozen
| devices will run into issues as well.
| leokennis wrote:
| This exactly. "Selling" a password manager to a non-tech
| person who either uses the same password everywhere or
| someone who writes weak passwords on post-its is a hard sell.
| It's a lot of added complexity and more importantly, a
| different way to think about passwords: you no longer know
| any of your passwords, except one for the password manager
| itself.
|
| 1Password does a pretty good job of this; as a user I do not
| need to worry about syncing the database, keeping an app up
| to date (the website is always up to date) etc.
| TheCondor wrote:
| Copy that, on the family plan, works on all the devices that
| need it. We trust their shared vault technology enough.
| 1password is compelling. Not sure it's a billion dollar thing
| but it's good.
| PascLeRasc wrote:
| I'm using KeePassXC on my work computer and it takes around
| 30 minutes of maintenance every two weeks when the browser
| extension can't find the desktop app or bare functionality
| like "copy password" stops working and I need to reinstall.
| bradwood wrote:
| I had the exact same experience... So I upgraded my wife.
| npteljes wrote:
| Did you try BitWarden? I haven't yet, but it's supposed to be
| basically a FOSS alternative to LastPass / 1Password.
| sdoering wrote:
| The only downside is that I can't currently use my
| privately hosted instance as passwd safe with the chrome
| browser extension. This only works for the hosted version.
|
| So I can't habe autofill, automatic saving of new/changed
| passwords and password creation and also use the same vault
| for the mobile app (Android). The mobile app can access the
| self hosted vault without any issue.
|
| I would love to fully migrate to self hosted bitwarden, but
| the browser extension irks me. Maybe it is possible and I
| am just too dumb to find the solution.
| cannonpalms wrote:
| This isn't true. The browser extension (on all major
| browsers) allows use of self-hosted instances. I'm using
| it right now.
| sdoering wrote:
| I would love to know how that works. I was so not able to
| select an option to enter a different vault url.
|
| I could only enter email and password yesterday.
| mnd999 wrote:
| It's a slightly hidden option on the login page.
| sdoering wrote:
| Thanks a lot. Found it and all worked fine in the end.
| dopp0 wrote:
| Saris wrote:
| You can use a private instance with the chrome addon,
| just set your server URL in the settings like usual.
| erinnh wrote:
| I dont have any Chrome browser to test, but this has
| always been possible with the Firefox extension, so Id be
| surprised if it wasnt possible.
|
| There is a small cog in the top left side where you can
| change the URL to use when you login, in case you simply
| overlooked it.
| sdoering wrote:
| Will again take a look. I used Google to find a tutorial
| and that dpole of said cog, but I wasn't able to find it.
| erinnh wrote:
| I just made this screenshot in a chrome-based browser for
| you:
|
| Top left here: https://imgur.com/xCgrot0
|
| If you click on that, the "Server URL" field is where you
| want to put your private instance:
| https://imgur.com/Gua3jSb
| sdoering wrote:
| Thanks a lot. All of you helped a lot. Must have been
| blind yesterday evening. It worked.
| wise0wl wrote:
| Use Vaultwarden. I use that, and it works _wonderfully_.
| sdoering wrote:
| I use Vaultwarden as the server host. Does it have a
| chrome add on as well?
| remram wrote:
| You can use the Bitwarden apps with Vaultwarden:
| https://bitwarden.com/download/
| korantu wrote:
| BitWarden works really well for me, for example. It is FOSS
| and has hosted option; Has autofill plugin, android app,
| nothing required much in the way of configuration.
| fossuser wrote:
| Yes - 1Password is excellent and in the rare class of
| applications that actually ships new features that are both
| unexpected _and_ useful!
| codethief wrote:
| > When I evaluated KeePass, the Wife-Acceptance Factor (WAF)
| was not there, though maybe it's improved.
|
| How about you share one KeePass file for all shared passwords
| and keep another one for your personal ones? KeePassDX on
| Android can easily handle multiple files. I agree, it's not a
| _perfect_ solution but it 's rather low-tech and something
| the layperson might still understand.
| ssully wrote:
| I use KeePass everyday and I really love it. But I would
| never recommend it to a non-technical person over something
| like 1Password or Bitwarden. It's a great piece of
| software, but the user experience is about 15 years in the
| past.
| bognition wrote:
| "That sounds like 1 password with extra steps!"
| schleck8 wrote:
| What about Bitwarden? Open source and has a free plan for two
| people. The family plan includes one more seat than 1password
| and costs 20 EUR less per year
| alexdrue wrote:
| Strongly agree with this one. We tend to use Bitwarden and
| it helps me without any problems at all.
| halostatue wrote:
| My wife and I have used 1Password for years.
|
| I have, since the family plan was first introduced, also
| gotten my aging parents on the plan (so my brother and I --
| both _far_ from where my parents live -- can assist when
| required) and my brother.
|
| My wife has shifted from merely using 1Password to advocating
| the use of password managers in general and 1Password in
| specific (she had a letter read by Peter Mansbridge on his
| podcast a couple of months ago where she did exactly that).
| fxtentacle wrote:
| I agree with you that the 1Password UI is superior. I also
| didn't mean to imply that KeePassXC would be equal in every
| regard. That said, feature-wise, both of them solve the same
| problems for me.
|
| But do you believe 7000 years of work is a realistic estimate
| for how much effort is needed for KeePassXC to catch up?
|
| I don't.
| bognition wrote:
| I've had the exact same experience. It took me about 5
| minutes to teach my partner how to use 1Password and its been
| years since I had to help them use the app.
|
| I've stopped worrying about password re-use or compromise.
| Now I'm teaching my kids to use it and they love it b/c they
| dont have to make up or remember passwords.
|
| Yes there are other technically equivalent options but the
| fact I can get it setup on an iOS device in seconds and trust
| its used is worth every penny.
| [deleted]
| pier25 wrote:
| > b/c they dont have to make up or remember passwords
|
| The same could be said about any password manager though
| lolinder wrote:
| Not if they can't figure out how to install it or use it.
| rjzzleep wrote:
| My wife uses KeepassXC and KeepassAndroid now and syncs it
| with her own Dropbox. But yes, 1Password takes a lot less
| time for people to get used to.
|
| But to some extent it took her compromised passwords to
| finally start using everything.
| rahimnathwani wrote:
| F-Droid lists at least 4 Keepass-compatible password
| managers (KeePassDX, KeePassDroid etc.).
|
| Is there one which is best for most users?
| commoner wrote:
| KeePassDX has its own keyboard that lets you securely
| input usernames, passwords, and other fields without
| exposing sensitive data to the clipboard (handy when
| autofill doesn't handle the field).
|
| - Website: https://www.keepassdx.com
|
| - F-Droid: https://www.f-droid.org/packages/com.kunzisoft
| .keepass.libre...
|
| - Source: https://github.com/Kunzisoft/KeePassDX/releases
|
| Another FOSS app called Keepass2Android has the same
| feature, but recent versions of that app are not on
| F-Droid.
| rjzzleep wrote:
| I tried both KeepassDX and Keepass2Android. In the end I
| went with Keepass2Android. I don't remember why I chose
| Keepass2Android in the end, but I can definitely
| recommend it.
| andrecarini wrote:
| I can't vouch for the other options but I have been using
| Keepass2Android (with Google Drive sync) for years now
| and it does the job hassle-free.
| mox1 wrote:
| Agreed, Keepass file synced on Google Drive. Using this
| for 4+ years now with 0 issues. Syncs across desktop
| (Keeweb), Android (keepassAndroid) and ioS (StrongBox).
| Takes 5-10 seconds to sync.
|
| Also zero need to give any application permissions to
| access my Google Account. Using native google drive apps
| on all services to sync the file (just using file picker
| dialogs with drive app installed).
|
| Got my non tech parents setup on this. 0 questions asked
| once I set it up.
|
| Also have my partner and I on the same setup...just
| works.
| edf13 wrote:
| > How come 1Password needs the equivalent of 7750 years of $80k
| annual salary to build the same?
|
| One of the comments on the post is that they have 600+ staff?
|
| Why??
| HikeThe46 wrote:
| The individual user is extra revenue to them. Their business is
| B2B. Because my company uses 1password for business I also use
| it for home and they get an extra $60/year from my household
| because I need to already use it for work.
| chrisburgin wrote:
| If your company is using 1Password Business you can get your
| family account for free. https://support.1password.com/link-
| family/
| chaorace wrote:
| It really makes me wonder what kind of conversations had to
| happen to bring investors on-board. I don't want to give too
| much credit to investor types, but... surely this must have
| thrown up some red flags?
|
| Exactly what kind of moon-shot ideas did 1Password start
| tossing around to get those wallets open?
| nerdawson wrote:
| 1Password started doing secrets management last year. I'd
| imagine they'll go down the path of more business and
| enterprise tools.
| antupis wrote:
| Yeah this I hope strategy is to use current product as top
| of sale funel and then sell business secret managment +
| other IAM stuff.
| howdydoo wrote:
| I predict we start seeing "Login with 1Password" buttons on
| random websites next to the google and facebook buttons. I
| also predict it never catches on.
| my_usernam3 wrote:
| Hmmm.... I read the headline here and was a little
| perturbed. WTF does a password manager need THAT much money
| for.
|
| However, after reading your comment, I hope this is the
| direction they go. I actually really like the future where
| I can have instant accounts attached to a more anonymous
| backend than my social media. I'm sick of things as mundane
| as my local gym asking for access to my fucking friends
| list.
|
| Sign-up hurdles are a real thing too. I recently read that
| it was a major factor to Microsoft's video gaming stream
| service never taking off.
| Ajedi32 wrote:
| I'm guessing this isn't what you meant, but a password
| manager that integrates with the Credential Management
| API[1] would be amazing. Would simplify password management
| a _lot_ if it got widespread adoption, and provide an
| easier upgrade path to strong public-key authentication
| using WebAuthn.
|
| [1]: https://developer.mozilla.org/en-
| US/docs/Web/API/PasswordCre...
| lkbm wrote:
| Based on https://www.future.1password.com/ I'm guessing it
| will be closer to LastPass's auto-login. It still uses the
| existing username/password form, but autofills and submits
| for you.
|
| So a 1- or 0-click login once you hit the login form, as
| opposed to the current 3-click system (see login list,
| click to fill, click to submit). And looks like it also
| might handle the 2fa portion (which essentially makes it
| 1fa).
| chaorace wrote:
| That's certainly an eyecatching idea! I'd hate to be
| engineer in charge of that idea, though... how would you
| even begin to drive webmaster adoption? Even with the
| leverage of their massive userbases, Google/Facebook logins
| are far from ubiquitous.
| rattray wrote:
| > how would you even begin to drive webmaster adoption?
|
| "If your users use 1password, they won't keep forgetting
| their passwords (causing frustration and support burden)
| and won't use weak passwords that result in account
| takeovers (support and eng burden). Plus, you and your
| users won't be beholden to the whims of fb or Google".
|
| Just one idea.
| nathanganser wrote:
| Universal login future.1password.com
| moritonal wrote:
| Passwords are boring, hard and important. Customers know
| that, so are likely willing to spend a monthly fee to feel
| safe. Critically, they're unlikely to swap to a different
| provider when there's so much setup involved.
|
| Lot of money to make with those factors.
| abduhl wrote:
| The data that can be obtained on users by just knowing
| where they choose to create logins for is also worth
| immense amounts of money, without even talking about how
| often they login.
| jrm4 wrote:
| Correct, but also a warning sign. "Boring, hard and
| important" should rarely, if ever, be left to private
| companies as an isolated thing. They need to somehow be
| baked into the model of the other things that use it.
|
| It's the same reason there should be no such thing as a
| "structural integrity" company separate from the building
| contractor.
| chaorace wrote:
| Sure... but "good investment" and "good VC investment"
| aren't exactly the same thing. 1Password isn't exactly
| small and it's not exactly poised to explode either.
|
| I get that there's an untapped market of non-technical
| users, but I am rather skeptical that advertising alone
| will have much success in activating it -- they'd need some
| innovative approach that changes the way non-technicals
| approach password management.
| alx__ wrote:
| They're making a push into enterprise. More companies are
| using them. And they're beta testing a dev secrets setup like
| HashiCorp's Vault
| jiveturkey wrote:
| > They now need to grow at any cost
|
| Dude, that ship sailed at their last (and first) raise. It took
| a little while for the shoe to drop, which was about 6 months
| ago.
| kar1181 wrote:
| This was my first thought. "Oh no".
| wilkommen wrote:
| I use KeePassXC on my Mac and KeePassium on my iPhone and it's
| so great. And it's free. It's some of the best free software
| I've ever used.
| torstenvl wrote:
| I decided to go with Enpass instead of KeePass* but
| KeePassium for iOS gets my vote. It's faster than Strongbox,
| more configurable, and the developer is very responsive.
| thewarrior wrote:
| Coming soon - 1Password stories
| staticassertion wrote:
| The cost of a password manager is effectively 0 dollars for a
| company, so if they charge "more" than others it makes no
| difference.
| aceazzameen wrote:
| Oh no, my thoughts exactly. My wife and I were just talking
| about setting up 1Password to switch from LastPass. It looks
| like BitWarden might be the best option if only for longevity.
| ronnier wrote:
| Just switch to self hosting bitwarden. Stop using "the cloud"
| as much as possible.
| [deleted]
| EGreg wrote:
| Why is it that whenever intrinsic, usual operations of
| capitalism are described (which happen 99% of the time) such
| as...
|
| 1) whenever VCs invest in shares of a project
|
| 2) they tend to subsidize money-losing unit economics to
| "reduce friction" resulting in attempts to lock-in people and
| monetize their attention later
|
| 3) when the VCs later dump it on the public, the company has to
| now answer to wall street shareholders and its executives are
| heavily pressured to have quarterly earnings calls
|
| 4) they must find ways to extract rents forever because whoever
| bought at the top (the majority) wants to see their shares go
| higher, even at the expense of the public interest
|
| 5) whereas cryptocurrency could be about collective ownership,
| if there is no separate shareholder class then the network
| participants ARE collectively owning the means of production
| (basically, textbook socialism)
|
| Whenever something like this is stated, anarcho-capitalists and
| right wing libertarians say:
|
| Oh, there is NOTHING wrong with capitalism. That's not REAL
| capitalism. That is corporatism / cronyism. (Some go further
| and quote Mises/Say/Praxeology: "only individuals can act,
| organizations can't act.")
|
| Then about collective ownership of the means of production /
| distribution / the network they say... "That's not REAL
| SOCIALISM. Socialism is when you use central government and
| planning and has led to so much misery and famine..."
|
| So, a mainstream application of capitalism isn't "real"
| capitalism because laissez faire capitalism doesn't require the
| State. But credit unions, housing cooperatives, democratically
| run universities and now cryptocurrency DAOs are not "real"
| socialism because socialism requires the State?
|
| There is a huge double-standard here, and I would encourage
| ancaps to answer the following questions: Why
| not use mainstream dictionaries and encyclopedias for
| definitions? Why not admit libertarian socialism
| exists Why not compare the results of democracy
| vs top down ownership in organizations on both the
| participants and the public good
|
| Also, we can move beyond Libertarian Capitalism vs Libertarian
| Socialism discussions, to simply ask how to best structure
| decision making in a project.
|
| You can have cryptocurrency run top-down where people work on
| stuff to survive, and the parent company must make profits. Or
| you can remove the profit motive and have wikipedia, open
| source, science, etc. But then you'd need to subsidize people's
| maslow's needs with a UBI.
|
| See for example how your very news and media is affected by the
| profit motive... compare something like WikiNews vs CNN and
| Fox. Where are the movements to do something about it? Here is
| one example I am working on myself: https://rational.app
| Sohcahtoa82 wrote:
| I don't see how cryptocurrency solves any of the problems.
| Items 1-4 would still exist. The only difference is that the
| corporations would be funded with ETH/BTC/DOGE/whatever
| rather than US Dollars.
| EGreg wrote:
| No, not at all. It is the difference betweena credit union
| and a bank, a housing cooperstive vs a landlord owned
| building.
|
| To use a real world example: DisneyWorld is a city owned by
| a corporation, instead of democratically run. Because the
| people who own DisneyWorld shares (shareholder class)
| aren't the visitors -- the visitors buy DisneyDollars. They
| are the consumer class.
|
| And there is also the working class (people who work in
| DisneyWorld) and their employers (small capitalists) who
| run a business inside DisneyWorld and pay rent.
|
| Disneyworld and other cities could have its own smart
| economy with DisneyDollars and never have to raise money
| from speculators. Think of DisneyDollars as utility tokens
| and shares as security tokens for speculators.
|
| Here is how it works in detail:
| https://intercoin.org/communities.pdf
| Trias11 wrote:
| >> And they'll throw their users under the bus
|
| You cannot really throw users under the bus in highly
| competitive and lucrative space.
|
| It's not that difficult to export full data from 1password and
| move on.
| amelius wrote:
| > How come 1Password needs the equivalent of 7750 years of $80k
| annual salary to build the same?
|
| This is once again just a case of investors hoping to make a
| pile of money so big they can corner a market. Sadly, they have
| no idea how cornering a market works (or doesn't work) in the
| case of digital products like this.
| malwrar wrote:
| Don't forget that this isn't used by just individuals--
| businesses use it too to share credentials for things like the
| corporate Twitter account, internal systems, etc. I'm willing
| to bet that further investment there could help back up that
| valuation.
| vidarh wrote:
| Realistically their B2C accounts are a sales funnel for their
| B2B. Because I was familiar with it for my own use, my
| employer uses it and they make much more money that way.
|
| Because they also let you get free family accounts if your
| company uses it, they presumably then rope in a lot of
| individuals for personal use who then become incentivised to
| want their next employer to use 1password too.
| gruez wrote:
| >How come 1Password needs the equivalent of 7750 years of $80k
| annual salary to build the same?
|
| sales/marketing
| waynesonfire wrote:
| Good call, residential users are solid maybe they're going
| after the corporation use case?
| dominotw wrote:
| refer to the famous dropbox comment on HN.
|
| 1password is just more usable for most people.
| AlexandrB wrote:
| They previously raised $100M in 2021[1] and in my mind the rot
| has already set in. 1Password 8 is not OS-native and is an
| electron app. Local vaults are no longer supported - you must
| use AgileBits's cloud. And 1Password 7 shows non-dismissible
| ads for upgrading to 1Password 8[2].
|
| Edit: They also inexplicably (and silently) dropped support for
| the 1Password iOS share sheet while directing users to the
| 1Password iOS Safari extension (which only works if you use
| AgileBits cloud and does not work with local vaults)[3].
|
| Edit2: Missed another $200M raise in 2019[4]. That puts them at
| nearly $1B in VC funding now.
|
| [1] https://techcrunch.com/2021/07/27/1password-
| raises-100m-at-a...
|
| [2]
| https://old.reddit.com/r/1Password/comments/qjb4l4/theres_no...
|
| [3]
| https://old.reddit.com/r/1Password/comments/pxpdcd/ios_share...
|
| [4] https://techcrunch.com/2019/11/14/fourteen-years-after-
| launc...
| Graziano_M wrote:
| I'm hanging on to 1password 6 for as long as I can. I can't
| use the browser plugin on firefox anymore, so I have to
| copy&paste my passwords in, but at least I have my vault
| stored locally. I also paid something like $70 and had the
| rug pulled from under me when they wanted to start charging
| monthly on top of that.
|
| It's not that I expect support forever for software I paid
| once for, but I think that the monthly, no local vault is
| worse than what they offered in 1password 6. I am OK with
| having to manually copy in passwords.
| jwong_ wrote:
| I am using 6, and the classic extension still works for me
| on Firefox. It was only when they discontinued (and refused
| to port) the Safari classic extension that I couldn't use
| Safari anymore.
|
| [0]: https://support.1password.com/cs/1password-classic-
| extension...
| fortuna86 wrote:
| Works for me on Chrome too, but not Brave (my browser of
| choice).
|
| Are there any security concerns holding on to 1p 6.0 ? I
| notice the mobile app still sees updates, but could there
| be in theory an unpatched security hold in the desktop
| app ?
| Graziano_M wrote:
| That's part of the reason I am OK with just copying and
| pasting in firefox. It keeps the desktop app isolated
| from the browser.
| steelstraw wrote:
| They have virtually endless developer resources and aren't
| building native apps?! This is insane. Not only from a
| performance perspective, but more importantly from a security
| standpoint. The more they rely on 3rd party code, the more
| vulnerable they are.
| johncalvinyoung wrote:
| Basically all of the above makes me very sad. But it's still
| useful enough that I'll still be paying, but they are drawing
| down that goodwill.
| cced wrote:
| You also cannot attach pictures to ios secrets without the
| new subscriptions.
| 72deluxe wrote:
| This is crazy. Is there any reason to learn how to write with
| a speedy native toolkit anymore??
| barkingcat wrote:
| "KeePassXC was still free open source and developed by
| volunteers in their free time."
|
| This is _not_ a benefit. Within the next 2 years, be wary of a
| log4j level exploit within Keepassxc.
|
| If a software isn't being supported by a steady source of
| income, it really quickly can get behind in security and tech
| debt.
|
| After all the discussion on here about how we can support open
| source projects, why is it still a badge of honour to say that
| a software has no support and is functioning on life support by
| "volunteers in their free time"?
|
| I'd suggest any users of KeePassXC take their money and put it
| where it counts: find the organization that develops KeePassXC
| and give them the $60 a year that it costs to buy a commercial
| password manager like 1password.
|
| If KeePassXC has all the features you need, it's worth paying
| them for it.
| pydry wrote:
| LastPass was bought for $100 million and had some security
| howlers.
|
| "pass", on the other hand, has no funding and no security
| vulnerabilities.
|
| I'm pretty sure it's more secure to use apps engineered with
| a deliberately tight scope that arent lavishly funded than
| egged-up VC bloated monstrosities.
|
| You wanna bet that building in electron is gonna keep
| 1password more safe? I wouldnt. The attack surface on that
| thing is gonna be huge.
| ahtihn wrote:
| Closed source products are really well known for investing in
| security and keeping tech debt to a minimum. This is why no
| commercial closed source product depended on something like
| log4j without thouroughly auditing it first. Oh wait...
| senko wrote:
| > "KeePassXC was still free open source and developed by
| volunteers in their free time."
|
| > This is not a benefit.
|
| Parent never claimed this, they were questioning why 1p would
| possibly need 620m for developing roughly the same value.
| hogrider wrote:
| Because central bank shenanigans made the whole economy a sham.
| alecco wrote:
| This opens a great opportunity for an open source disruptor to
| scoop their paying customers. Keeping it simple. I would be
| happy to throw in $100 to some crowdfunding as long as there's
| at least one legit security dev onboard. No Crypto bros please.
| deadbunny wrote:
| Search for Bitwarden. No crowdfunding needed.
| pier25 wrote:
| > And they'll throw their users under the bus
|
| Just as they did when all the snafu with Dropbox and the switch
| to a subscription based service.
|
| Before the subscription service, I had spent hundreds buying
| all their apps for me and my family. 1P wasn't cheap but it was
| worth it. They used the users' Dropbox to host the web based
| vault. Obviously one day Dropbox decided it was not ok to use
| the public folders to host websites.
|
| It really was a shitstorm in 1P's forums and they handled it
| very badly.
|
| 1P could have spent pennies hosting the vaults on S3 or
| something but they decided to tell their paying customers to
| switch to the subscription if they wanted a web based vault.
| They didn't even have the decency to offer a free year to the
| subscription or something.
| throwaway64643 wrote:
| 3 buck per month? Family sharing for 5 buck? Nah, this is the
| typical bait&switch strategy (same as Netflix). It is cheap
| now. But it won't be cheap in the future.
| scblock wrote:
| Exactly. Once you raise a bunch of VC money you've sold your
| actual business to vampires. From now on it's grow at any cost.
| Add bloat, feature creep, unrelated projects, cost increases,
| and probably user data mining and sales on top of it. How was
| their rather expensive subscription fee and large subscriber
| base not sufficient to continue operating profitably?
| cactusmatt wrote:
| I don't know. Greed? I've been following the 1Password Saga
| for a while (long time user), and how they responded to the
| electron pushback seemed like they lost their initial vision
| and what made them "in touch" with their users like me.
| nathanganser wrote:
| What was the electron pushback? Link?
| cactusmatt wrote:
| With 1Password 8, they shared news that they were moving
| from native (mac) apps to an Electron UI/frontend with a
| Rust backend. They did an AMA on Reddit, but didn't show
| up for a while and got hammered by their users. Their
| refrain, until Dave Teare showed up, was "but it will be
| on Rust and the backend will be faster" and didn't
| acknowledge why users might be upset with the move from
| Native to Electron apps.
|
| https://www.reddit.com/r/1Password/comments/p2dmpt/all_ab
| oar...
| Spivak wrote:
| I think it was a mistake to even involve the online
| community. Of course nerds want you to build a high-
| quality native experience on every platform because they
| are heavily invested in their platform of choice.
| Listening to these kinds of users at all will drive your
| business to ruin.
|
| Honestly building on "tech stack power users hate" is
| probably the easiest way to fire all your worst, most
| needy, users.
| upbeat_general wrote:
| Reading about it now, it feels like the electron move was a
| result of the VC money. With pressure to grow comes endless
| A/B tests, gimmicky features, etc and having too many
| different platforms means you need to split the work across
| more devs. Trying to match the extra functionality _and_
| have the same look is pretty difficult as a program grows.
|
| That being said I hate that 1Password needs that. It's just
| a password manager at the end of the day.
| akerl_ wrote:
| I'm amused by the large portion of the Hackernews userbase
| that seems to view venture capital as an absolute evil, given
| that this is YCombinator's forum.
|
| Can you really not think of any examples where VC capital has
| improved a company, product, or service?
| scblock wrote:
| Viewed that way because it's the truth. It ruins everything
| it touches, but makes a few rich people along the way. For
| some that's the goal, but it's absolutely a net negative.
| CosmicShadow wrote:
| I cannot and it's widely known how they ruin thing with
| example after example. I'm sure some VC has helped a few
| people inadvertently along the way (although it was likely
| the founders, to the chagrin of the investors, that did
| anything positive). The VC business is to make money, no
| matter how shitty they make things, by blowing them up or
| letting them die, they don't care for anything else, why
| would they.
|
| I would think most people view YC more in line with the
| Angel round, which is an entirely different view point;
| Angel's are actual helpful people who did something on
| their own to achieve success (not poser VCs) and/or are
| mentors and coaches who want to give back, but it's
| unfortunate that people need to go beyond angel to VC, and
| the expectation from the angels is that you must or they
| won't make their money.
|
| Just because we are on a YC forum doesn't mean we have to
| suck the industry's dick.
| gen220 wrote:
| I don't think the problem is with capital writ large, but
| rather the perverse influence of capital incentives as
| applied to a personal security product.
|
| The value one gains from a personal security product (data
| portability, availability, accessibility) is often at odds
| with the interests of capital, which lean towards moat
| construction and rent-seeking. Over time, in a for-profit
| company, capital will always "win". Trading equity for
| other peoples' cash investments only accelerates the
| process.
|
| For an adjacent example, LastPass never took a dime of VC
| money (afaict), but their structure as a for-profit company
| pushed them to lock down their product and charge rents,
| where they had not previously. If they had taken VC money
| or went public instead, it may have delayed the inevitable,
| but it only would have been a delay, not a solution.
|
| People in this thread are disappointed, because these
| companies began their lives with a compelling, free, and
| user-empowering invitation, and it is sad (although not at
| all unpredictable) to see those features taken away by the
| incentives of capital. I think it's understandable, and I
| wouldn't read it as an indictment of VC writ large.
| moises_silva wrote:
| > For an adjacent example, LastPass never took a dime of
| VC money (afaict), but their structure as a for-profit
| company pushed them to lock down their product and charge
| rents, where they had not previously. If they had taken
| VC money or went public instead, it may have delayed the
| inevitable, but it only would have been a delay, not a
| solution.
|
| I do not understand. It's a business. Why would anyone
| expect important services to be free? during ramp up
| there's a benefit of providing free or discounted
| services while you grow, learn what users want, estimate
| your own costs, etc; It was a free ride and you can enjoy
| it while it lasts. Why would anyone expect a free ride to
| _also_ last forever?
|
| In my opinion great products need a strong balance of
| capital and ideals. Capital incentives unchecked by a
| counter balance of leadership actually believing in the
| mission of the company can lead to bad outcomes. Pure
| idealism without adequate funding has another set of
| problems though.
| gen220 wrote:
| > Why would anyone expect important services to be free?
|
| I think the "common person" does not see these as growth
| hacks. The internet is full of things that "appear" free,
| and have "appeared" free forever.
|
| You have x-ray vision for how these businesses work
| internally, and you describe the playbook very
| accurately, but most people do not have this kind of
| context.
|
| Which makes it hard for those people to distinguish "good
| people doing good work for the good of all" from the
| playbook you describe. It's especially hard when the
| company describes itself as the former externally.
|
| > Capital incentives unchecked by a counter balance of
| leadership actually believing in the mission of the
| company can lead to bad outcomes.
|
| This is true. As a customer, depending on the good-will
| of leadership to counterbalance the influence of capital
| is depending on humans, and even really good ones are
| fallible and temporal.
|
| A for-profit company blessed with good leadership today
| does not guarantee a for-profit company with good
| leadership tomorrow, a year from now, and so-on.
| Eventually, within the constructs of a for-profit
| company, capital always wins.
|
| > In my opinion great products need a strong balance of
| capital and ideals.
|
| Yep yep, value creation and openness are not mutually
| exclusive, and one does not have a monopoly on the other.
|
| However, I'd argue that value _capture_ and openness are
| mutually destructive: only one wins in the end, and the
| total victory of either marks the death of a business
| (i.e. something that generates profits for shareholders).
|
| From a consumer's point of view, once an organization
| gets in the mindset of optimizing for value capture over
| value creation and openness, it's time to consider moving
| on.
|
| The paradigm-shift of software is that the victory of
| openness no longer means the destruction of customer
| value, because OSI-licensed software can outlive the
| business.
| moises_silva wrote:
| > This is true. As a customer, depending on the good-will
| of leadership to counterbalance the influence of capital
| is depending on humans, and even really good ones are
| fallible and temporal.
|
| Well, I dunno, you always are depending on the "good
| will" of leadership. They could decide to squeeze every
| cent and provide as little value as possible at any time,
| whether they have venture funding or not. If your
| alternative is a "non profit", look at Mozilla, plenty of
| people unhappy with a lot of their decisions and users
| feeling "betrayed". I don't think we can expect most
| services to run as non-profits regardless. It's an
| imperfect system, but is the best we've got so far.
|
| > From a consumer's point of view, once an organization
| gets in the mindset of optimizing for value capture over
| value creation and openness, it's time to consider moving
| on.
|
| I'd argue this comes _after_ the IPO. When you have
| millions in venture capital, is easy to keep running the
| business at a loss and keep growing. When it 's time to
| make a profit is when things start getting hard.
|
| I suppose this is what some people don't like. They'd
| like founders/businesses that stay small and focused on a
| niche, make money but not too much and keep a good value
| product running. Without looking at 1Password finances
| though, even when it was a paid service, we don't know
| how profitable it was, if at all, and may be going after
| enterprise customers with this new funding is the only
| way to not only 'break even' and start making some good
| profits.
| gen220 wrote:
| > you always are depending on the "good will" of
| leadership
|
| This isn't true if the product is FOSS. The Mozilla
| Company can be a disaster, but that's OK because Firefox
| is OSI-licensed. It will outlive Mozilla, and one or more
| community forks will appear to replace it, if needs be.
|
| For example, observe how https://rockylinux.org/ rose
| from the ashes of RHEL/CentOS, after Red Hat were
| acquired by IBM.
|
| The lesson is that as long as there's interest in an OSS
| product, there is money to be made servicing (hosting,
| bug-fixing, whatever) it. Where there is money to be made
| servicing it, a business will appear to soak up the
| demand.
|
| > I'd argue this comes after the IPO.
|
| I think it's purely a function of who your shareholders
| are, what your unit economics are, and how much money you
| have in the bank. It can happen to any stage of company.
| In general, contrary to popular HN belief (not saying
| it's yours), VCs prefer not to put good money after bad.
|
| There are many public companies that are _not_
| relentlessly pursuing value optimization, because they
| have good unit economics, and have invested in attracting
| shareholders that are aligned with this idea. They are
| not starved for cash, and can raise money with low-
| interest loans when a growth opportunity presents itself.
|
| > Without looking at 1Password finances though, even when
| it was a paid service, we don't know how profitable it
| was, if at all, and may be going after enterprise
| customers with this new funding is the only way to not
| only 'break even' and start making some good profits.
|
| Like you say, we can't comment on 1P directly without
| knowing access to their Stripe account.
|
| One might charitably say, their business hitherto was an
| experiment to see if one could build a VC-scale business
| around the problem of personal password management. The
| answer is no, but they can leverage their experience
| gaining that knowledge into solving a similar problem at
| an enterprise scale. That's probably how the execs &
| employees think, and it's a very reasonable take.
|
| Unfortunately, while it's optimal for long-term viability
| of their business, it's not optimal for the consumer
| world writ large. While 1P has bootstrapped at the
| consumer's expense and benefit, building a consumer-
| facing brand for themselves along the way, it is now all
| downhill for the consumer from here, because they are no
| longer the focus of the company.
|
| One can imagine a counterfactual, where they had
| developed their core applications as FOSS. 1P the
| business could continue to make money as 1P-enterprise,
| and "the people" could take over maintenance of
| 1P-consumer, if there was sufficient interest. The
| valuable experience they've accrued in building their
| product would continue to spin off value, instead of
| slowly grinding to a halt.
|
| ---
|
| Don't get me wrong, if you put me in the shoes of some
| exec at 1P with a fiduciary responsibility, I would do
| the same thing they're doing. It's the only rational
| direction. Their decision space is/has been heavily
| constrained by their initial conditions (accepting VC
| money, not starting with a FOSS product, etc.). If they
| hit `git push` to some public remote today, they risk
| losing the entire network they've been investing the last
| N years in building. It's not reasonable to expect people
| to make that trade.
|
| I guess I'm hopeful that people will observe these
| outcomes, that it may influence their own decisions in
| choosing the initial conditions of their own projects.
| Sometimes fiduciary responsibilities contravene social
| responsibilities, and the superior cure for that
| circumstance, like with so many others, is prevention.
| neon_electro wrote:
| 1Password has been a paid product since its inception.
| moises_silva wrote:
| Yeah I get this, I'm a paying customer. Not overly
| worried, as long as I can export and move on to another
| service. I used to be a LastPass user until 2yrs ago. I
| was replying to the comment about LastPass starting to
| monetize users (e.g limiting the free tier functionality
| even more).
| AlexandrB wrote:
| I think the big VC raise is often the moment that many
| companies' relationship with their users goes from friendly
| to adversarial. I suspect this is because the incentives
| become misaligned. A bootstrapped company needs to keep its
| users happy to keep the money coming in for operations and
| growth. User churn is expensive at this stage. A funded
| company has other options such as running at a loss to
| attract new users and outpace any churn in the existing
| user base.
| NineStarPoint wrote:
| I can think of many times where VC capital has improved a
| company, in two ways. The first is in allowing a company to
| scale far more quickly than it could have naturally. The
| second is in creating connections to other companies,
| essentially getting a foot in the door to convince those
| connections to use the company's product.
|
| But rarely improved the product. At best you have a company
| that does keep it's soul, and continues to improve the
| product as they would have on their own. Far more often,
| the product and pricing structure is made worse in the long
| run through VC investment. It's not necessarily VC
| interference that is solely to blame, the change in size
| and scope that tends to come with such investment is a
| massive hurdle on its own.
|
| Of course, taking VC capital is almost certainly necessary
| to continue to exist, given you are competing against
| others who will take that capital and quickly use it to out
| compete you if you do not. I just view this as unfortunate,
| when I find companies that grow at a more natural speed to
| generally create better products.
| arepublicadoceu wrote:
| > Can you really not think of any examples where VC capital
| has improved a company, product, or service?
|
| I honestly can't, do you mind sharing a few examples to
| prove your point?
|
| I have a long list of "stopped using because went to shit
| after VC was injected"
|
| 1. WhatsApp and Facebook relation
|
| 2. Twitter and the loss of control over my feed
|
| 3. Spotify and the podcasts shenanigans
|
| 4. Dropbox and their assholery against free users
|
| 5. Evernote and their assholery against free user,
| increasingly useless redesigns and lack of improvement on
| the basics
|
| Etc.
| absolutelymild wrote:
| Twitter had a venture led Series A in July 2007
|
| https://techcrunch.com/2007/07/29/more-information-on-
| that-s...
| mbesto wrote:
| Survivor bias at its finest.
|
| Dropbox, Spotify, and Twitter all used VC money to
| launch/improve their product. Just because you don't
| specifically like the traunch of VC money that was used
| prior to IPO doesn't mean _all_ VC is blood-sucking.
|
| There are countless examples of products people use that
| have had some form or shape. In fact, I'd argue there are
| rarely apps that anyone uses here on a regular basis that
| _didn 't_ have some form of VC money injected into them.
| The only one that comes to mind is (1) Basecamp (but
| technically they took money from Bezos) and (2) Atlassian
| pre IPO (now public).
| [deleted]
| pgwhalen wrote:
| I'm confused about what the point is here. Isn't every
| single one of these companies venture capital funded?
| stickfigure wrote:
| Were any of these companies bootstrapped? Weren't they
| all investor-funded creations from the start?
| addingnumbers wrote:
| Isn't this $620M investment about 5,000x the amount of a
| typical ycombinator investment?
| caskstrength wrote:
| I don't consider venture capital absolute evil (or evil at
| all), but don't understand why old profitable company with
| established user base needs to take such ludicrous amounts
| of money from VCs. What are they planning to do to return
| that investment? Grow by any means necessary and sell out
| with all our data to big tech company? As a long time
| 1Password user I have a bad feeling about this.
| mizzao wrote:
| Whatever, maybe they'll introduce some super discounted plan so
| I can finally switch over from LastPass before they also
| succumb to growth shittiness.
| ajmurmann wrote:
| 1Password, like Evernote, to me is a canonical example of an
| app that's actually "done" and ideally would enter a sustain
| mode.
| tlogan wrote:
| The are going to focus on the enterprise market. Good for them
| but this also means that they will make things worse for small
| businesses and personal users. Intentionally or non-
| intentionally but it will happen.
|
| But that is nature of the beast.
| [deleted]
| natch wrote:
| They already threw their users under the bus once by changing
| to an insanely money-grabbing subscription model. But yes,
| agree with everything you said.
| Semaphor wrote:
| 1Password has the cloud, so maybe a better comparison would be
| bitwarden, not free (to use their hosted service) but FLOSS.
| Everything else stands, though ;)
| lotsofpulp wrote:
| The cloud part of a password manager can easily be handled by
| any file sync service, which are free and indistinguishable
| in quality from 1password.
| paulryanrogers wrote:
| Generally agree but there are important edges where that
| breaks down: shared vaults, one time access, posthominis
| access, etc.
| a5aAqU wrote:
| Maybe for technical people.
| rootusrootus wrote:
| Well played! It's like Dropbox all over again.
| [deleted]
| abeppu wrote:
| But 1Password previously had the option to _not_ use their
| cloud, and they deliberately killed it to push people onto
| their subscription offering. So I think in the context of a
| conversation about how financial conditions will force
| changes which change the customer experience, I think it's
| entirely fair to compare them to a non-cloud option.
| dkonofalski wrote:
| >they deliberately killed it to push people onto their
| subscription offering
|
| There are things available via the Cloud version that
| aren't available with local vaults and, in order to
| maintain those, they decided not to put the time into
| implementing those changes for local vaults. Local vault
| users are less than 1% of their user base.
| deadbunny wrote:
| How is that not deliberately pushing people to move to a
| subscription model?
| dkonofalski wrote:
| Parent comment said they killed it. They didn't kill it.
| You can still use local vaults currently. You won't be
| able to any more in newer versions because they're no
| longer at feature parity. Killing it to push people to
| the subscription model implies malice.
| chaxor wrote:
| Wouldn't KeePass + syncthing be just as ubiquitously
| available, with more security?
| Semaphor wrote:
| Yes, especially nowadays that sync errors are not
| commonplace. I use it with Nextcloud. But that still
| requires you setting up your own thing, which is why people
| like 1password and bitwarden.
| the_duke wrote:
| Bitwarden is free for personal accounts.
| wlesieutre wrote:
| Bitwarden has free hosted accounts, they just don't have all
| features enabled. Most notably, you can't store attachments.
| fortuna86 wrote:
| I guess my offline standalone license now has its days
| numbered. Sad.
| [deleted]
| hodgesrm wrote:
| Alternative view: I'm glad to see 1Password obtain abundant
| financial backing. I use 1Password personally and at my
| employer. It's really good. I won't switch as long as they keep
| it that way. Seems as if they have enough money to do that
| regardless of what happens in the market.
|
| p.s., How is this really different from going public? I'm sure
| they considered that option. Either way you are answerable to
| investors.
| xmorse wrote:
| What about being profitable? If you need 620M to keep the
| company alive what will happen next time?
| AlexandrB wrote:
| Yeah, I'm much more worried about their future now than I
| was 5 years ago. Having to justify a $6B valuation for a
| password manager means making risky moves into new markets
| that may not pan out. If things don't go well, AgileBits
| will be sold for parts. Perhaps to the same kinds of
| vultures who own LastPass and TravisCI.
| Aeolun wrote:
| Fire all developers and rest on your laurels for many, many
| years?
|
| But of course they can't do that because VC, right?
| hodgesrm wrote:
| It's not enough to be profitable (which they claimed to be
| in 2021). But even if they are profitable, it's unlikely
| they generate a lot of cash. For a secure future you also
| want a nice pot of cash to be able to make investments and
| to weather dips in the market.
| [deleted]
| bananapub wrote:
| yikes, this is a terrible take - $620m of capital means they
| are expected to become enormous and make huge returns, or go
| bust trying.
| hodgesrm wrote:
| Not necessarily. Let's say you want to build aggressively
| to $1B revenues with a $1B annual run rate. Let's further
| say you pretty much keep expenses and revenue directly in
| line, so you don't lose money but you don't gain either
| while building. So, your cash reserves remain the same. As
| your revenue grows, the cushion you have to deal with a
| market downturn or seize unexpected opportunities declines.
| Having a cash cushion up front solves this problem.
|
| I don't have any special insight into 1Password's strategy.
| But I run a company that is essentially bootstrapped and
| what I described is exactly how we think of cash reserves.
| In the bootstrapped case, there's a basic math problem that
| to maintain a constant runway while growing rapidly you
| must be cash flow positive by an increasing percentage as
| time goes on. Perhaps 1Password is just looking to protect
| a long runway that will get them to IPO.
| dahfizz wrote:
| 1Password is like 15 or 16 years old at this point, right?
| The fact that they still need "financial backing" after all
| that time is extra alarming, IMO. They have raised nearly $1B
| in VC money!
|
| This has come with all the expected side effects. No local
| vaults, electron apps, forced subscription payments, etc etc.
| More VC money makes for a worse customer experience, almost
| universally.
|
| > How is this really different from going public?
|
| Venture Capitalists are not like the general public. People
| trading public stocks value fundamentals - a good product
| that generates _profit_, _steady_ growth, etc. VCs want
| cancerous, explosive growth and are willing to take the risk
| that the pursuit of cancerous growth kills the company.
| hodgesrm wrote:
| People who own public shares value return on investment,
| which in today's market is only loosely couple with
| fundamentals in many cases. It's hard to explain the value
| of a lot of public tech companies any other way. Rivian
| (RIVN) is exhibit A.
| loeg wrote:
| This isn't sustainable financing -- it's growth financing
| that they will eventually need profitability to make good on
| the investment (or drive them into the ground). I also use
| 1password at work and home, and I'd rather they figure out
| how to operate profitably without the VC-necessitated
| hypergrowth.
| [deleted]
| songshu wrote:
| Question for consumer users of this service who are also Apple
| users -- how does it compare to Apple's password management?
| partiallypro wrote:
| I have as of yet been able to find a password manager I actually
| enjoy and doesn't have its share of problems. LastPass, 1Pass,
| NordPass, Enpass, KeePass...all of them fall short or feel
| slow/buggy or have poor integrations.
| hda111 wrote:
| I can't trust 1Password when everything is stored in cloud.
| 88 wrote:
| Presumably a stepping stone on the way to 1Password being
| acquired by a major tech company, e.g. Microsoft, Google, or
| Apple?
| chriscjcj wrote:
| Used 1Password for years and years. Being forced to have my
| password database leave my control and be hosted by a third
| party, AND pay a subscription fee for the privilege was a bridge
| too far.
|
| I now have a vault-warden docker running on my Synology NAS at
| home. I have Bitwarden running on my computers and mobile
| devices. I have no ports open to my NAS. I'm using a UDMpro
| router and have an L2TP VPN configured. This allows me remote
| access. I pay nothing and I'm in complete control of my password
| data. This has turned out to be a wonderful setup and I'm very
| grateful that it's possible.
| Croftengea wrote:
| They will probably go Dropbox route. Dropbox used to be an
| excellent file sync cloud service with a robust support on many
| platforms. They did just one thing and did it well. Now Dropbox
| is positioning themselves as business-team-collaboration-
| streamlining-platform for everything whose software is balancing
| between poorly programmed malware and useless enterprise
| bloatware.
| worldsayshi wrote:
| This makes me think that the real problem here is vendor lock
| in. If users didn't feel such a reluctance to switch between
| services then there wouldn't be such an incentive to bloat
| existing services rather than just building it somewhere else.
| manmal wrote:
| Apart from lock-in, first mover advantage is a big one too.
| Humans don't like change, so they stick with services as long
| as switching provides no big benefits.
|
| My small company has stayed with our initial bank even though
| we were quite unhappy with it a couple of times. They didn't
| rock the boat too hard, so we've been with them for 8 years
| already - even though I was _this_ close to quitting
| sometimes.
| tinyhouse wrote:
| Did they have a choice? Companies like Google and Microsoft
| provide a package of file sync cloud service bundled with many
| other services, for the same or lower price. Most
| people/companies would find that a better deal.
| Croftengea wrote:
| No they probably didn't, because by getting almost 2B$ in
| funding they forced themselves to compete with MS and the
| likes.
| elteto wrote:
| I forget... didn't Steve Jobs tell them something akin to
| "your product is just a feature"? Looks like Jobs was right.
| christkv wrote:
| This makes me want to consider switching away as they know will
| have monetize so who knows how they will mess with me in the
| future. Any options out there that supports the same range of
| clients and are privately held ?
| mrkentutbabi wrote:
| I think if they use this for R&D more into security, I wouldn't
| mind. It will be better for consumer overall.
|
| Password manager is still hard to use for the elderlies and
| technically non savvy people.
| ChrisMarshallNY wrote:
| Good on 'em.
|
| I've used 1Password for years.
|
| It would be nice to say goodbye to Electron, though...
| [deleted]
| lekevicius wrote:
| Just makes it more clear: this is no longer a product for "us".
| yokoprime wrote:
| Ok, care to explain your viewpoint further?
| SllX wrote:
| 1Password is a SaaS utility that provides a tool for
| generating and storing login info and other sensitive
| information.
|
| To me; that's immensely valuable, but it's solved for most by
| a combination of just using the same passwords or, on
| iPhones, iCloud Keychain.
|
| Now some folks have dumped the better half of a billion into
| a tool I pay about $35/year for and is basically feature
| complete. They'll want a return on their investment. How do
| you expect 1Password will give it to them?
| shiftingleft wrote:
| > but it's solved for most by a combination of just using
| the same passwords
|
| That's not what I'd call a "solution"
| SllX wrote:
| Neither would I but they do it anyway. I'll convince
| anyone I can to just pull the trigger on 1Password, but
| not many do.
| lotsofpulp wrote:
| Because the need to meet ROI always leads to selling data.
| edoceo wrote:
| Doesn't always lead to that but...now that the company has
| these investors who demand returns the company no longer
| has alignment with the customer. The needs of the customer
| and the needs of the investors are in direct opposition.
| Karunamon wrote:
| Only Sith deal in absolute slippery slope fallacies.
| Besides, this is a paid product with steady MRR, there's
| plenty of growth to be had without compromising the
| product. The recent integration with Fastmail for one-click
| creation of disposable addresses is a great example.
| kfarr wrote:
| Raising hundreds of millions of dollars for a built,
| profitable product with a tight scope and millions of users
| usually means the product scope will increase as part of
| their new remit to drive shareholder return. If people liked
| the existing tightly scoped product, and for password
| management simpler is better for many users, this investment
| indicates the product will necessarily move away from the
| existing use cases as a condition of accepting the funds.
| qqqturing1 wrote:
| They will probably invest in business integration/sales.
| TBH we need more password management in this world and not
| less. Increasing scope in enterprise domain means reaching
| users who would otherwise just use post it's for the
| passwords.
| jerf wrote:
| I think lotsofpulp is on to something, but the other major
| possible answer that comes to mind is moving more into the
| enterprise space. If that happens, it'll no longer be for
| "us" because if they succeed, they'll inevitably make much
| more money in that space and be all but forced to pivot
| harder into it. That'd be much less of a betrayal than
| selling more data, but it would still mean that slowly but
| surely it would simply focus less and less on single user
| concerns.
|
| IMHO it isn't _intrinsically_ impossible to serve both
| enterprise and single customers, but the business people will
| always be internally grumbling about the slight additional
| expense that doesn 't have a good ROI vs improving their
| enterprise product, and the marketing team will want every
| other screen to be an ad to upgrade to enterprise which
| discriminating users will rapidly get tired of. It'd take
| strong and even a bit quirky executive leadership to overcome
| those issues. Not impossibly strong, but strong.
|
| Edit: Also, they don't have the option of slathering their
| app with generalized ads. Running ads in the context of a
| password manager would be insane and lose all their thought-
| leader users in a heartbeat, permanently. So that door is not
| open to them.
| samcat116 wrote:
| Who is us?
| dspillett wrote:
| Everyone not part of the set who have just invested
| $620,000,000 between them.
|
| Which probably means the vast majority of their users have
| essentially been regraded to "product".
| schnebbau wrote:
| Nerds.
| squiggy22 wrote:
| Auth0 acquires 1Password. Problem solved.
| Sytten wrote:
| I will still recommend 1Password over Bitwarden to non-tech
| people because their whole UX journey is so well crafted that
| even my parents can understand it on their own. The valuation is
| most likely based on that and the potential growth in that
| market.
|
| I use and pay for Bitwarden but even I always get lost in the
| clunky UI and get frustrated by basic tasks (to a point I am
| considering switching). And it only gets worse when you have
| multiple teams and all the secrets are mixed up.
| studmuffin650 wrote:
| Seems like a lot of people are missing the piece as to probably
| why they need the money (and where they're pointing the company
| in the future). Future of 1Password:
| https://www.future.1password.com/
| aniforprez wrote:
| I'm actually surprised by all the reactionary comments here
| with almost no research. 1Password already has integrations
| with Fastmail and Privacy and have launched a Secrets
| Automation[0] offering. I'm assuming this money does go
| partially into the password manager (which they say has always
| been profitable) but I think the money would actually go into
| ancillary services for competitors to Vault or Okta for
| authentication and secrets. Of course, it's not unfounded that
| as consumers we'd be concerned about the affect this might have
| on the base product but they've been pretty open about their
| ambitions since the first funding round a couple of years ago
|
| [0] https://1password.com/secrets/
| matheweis wrote:
| Two major reasons for the backlash:
|
| 1: 1Password _already_ backhanded users once for business
| reasons. They used to be a nice, local password manager that
| synced with dropbox or your choice of filesystem. Then they
| added cloud support and used dark patterns to force adoption
| of a subscription based cloud service while making the local
| version harder and harder to use. At some point I gave up,
| I'm not even sure it's possible to use locally anymore. It
| might be that the marginal utility is worth it, but forcing
| my hand also broke my trust
|
| 2: This is now the path of the majority of American
| corporations, most especially high growth vc funded; make
| something awesome, grow, extract profits, die. It doesn't
| really matter whether it's burritos or password managers,
| we've seen this pattern one too many times.
| neon_electro wrote:
| It's still possible to use it locally in v7; v8 will no
| longer allow it.
|
| The brand damage has been done regardless.
| chasedehan wrote:
| True. I'm reading this as an attempt to move into the
| enterprise auth space (e.g. Okta).
| PragmaticPulp wrote:
| > I'm actually surprised by all the reactionary comments here
| with almost no research.
|
| On the contrary, many of us are already experiencing the paid
| SaaS squeeze from 1Password long before this fundraising.
|
| It doesn't matter what they claim to need the money for. The
| company and product already declined from a great standalone
| option to a forced SaaS subscription payment with the self-
| hosted options removed. There's no way I'm buying the story
| that they're raising more money _without_ a goal of squeezing
| more money from their customers, nor will I believe that
| they're only going to get this profit from other customers
| while ignoring the consumer space.
|
| In the real world, companies don't actually segment up their
| product offerings and operate them as separate businesses
| with separate profitability goals. It's all one big product
| mix and they'll be squeezing money out of everything,
| wherever they can find it.
| jordanpg wrote:
| This. Where is the nuance and slow thinking, folks?
|
| I don't know much about much, but I do know that the far
| future of computing isn't going to involve people memorizing
| and typing complicated passwords, or using finicky password
| managers. There is massive potential for growth and vision in
| this space.
| neon_electro wrote:
| The conversation about 1Password's corporate direction and
| the impact on its products, users and the "ecosystem" they
| appear to care so much about has been going on for months
| if not years before today. There's been plenty of time for
| slow thinking.
|
| I say this as a 1Password subscriber and user of its
| products going back all the way to 1Password 3.
| ballenf wrote:
| Looks like they're aiming to become a cloud-based active
| directory, abstracting away authentication to a higher level
| single identity.
|
| They want to become something like a Passport for users across
| the web.
|
| If they can do this, it will be huge. But hopefully I'm not
| alone in hating this direction and see tracking individual
| identities as a small price to pay to protect freedoms.
| otterley wrote:
| Microsoft tried this over 20 years ago, even calling it
| Microsoft Passport and offering it free of charge, and it
| failed miserably:
| https://news.microsoft.com/2001/08/12/microsoft-passport-
| bri...
| Karunamon wrote:
| There's such a thing as being _too_ ahead of the game. 20
| years ago is an eternity in tech; there 's nothing to say
| it might not work now.
| [deleted]
| btown wrote:
| People thinking this is an absurd amount of money are sleeping on
| how 1Password is quietly positioning itself to become _the_
| ground truth storage solution for corporate secret management,
| across devops and non-technical groups alike.
|
| Given Hashicorp's market cap of 11B, and 1Password's narrative on
| how to become even _more_ central to corporate use cases by being
| the storage layer for Vault deployments, it 's a very reasonable
| leap for them to make!
|
| https://1password.com/secrets/
|
| https://1password.com/secrets/integrations/
|
| https://1password.com/enterprise-password-manager/
| kmac_ wrote:
| Well, Hashicorp stands on _many_ legs and they don 't have much
| competition in many areas as theirs solutions are pretty
| unique...
| rco8786 wrote:
| Their solutions are unique but the problems they are solving
| are not, they are in direct overlap with where 1P is going.
| bradwood wrote:
| Cue 1P - Hashicorp merger conversation
| sleepybrett wrote:
| I've watched three different teams fail to get vault up and
| running in any kind of a sustainable way. If they could
| solve that problem and add a desktop client they could
| crush 1password in this space. Probably wouldn't hurt that
| tons of software engineers are absolutely pissed at their
| moves in the consumer space recently.
| ma2011ma wrote:
| sleepybrett; which three are you talking about? and how?
| Spooky23 wrote:
| Enterprise stuff is slowly moving away from the use cases that
| require solutions like 1Password, and since they are neither
| FIPS 140-2 validated or have FedRAMP ATOs, they have alot of
| work to do.
|
| They also have the issue of all of the crypto nerds going nuts
| when they start getting their FIPS stuff done.
| hn_throwaway_99 wrote:
| It's still hard for me to fathom this valuation. For example,
| all the major clouds (AWS, GCP, Azure) have a Secrets Manager
| as simply one feature. I looked into 1Password secrets when
| they announced it but couldn't find any reason to use it over a
| cloud Secrets Manager.
| mdaniel wrote:
| For the same reason one might choose Hashicorp Vault versus
| the major cloud: cross-cloud, likely a richer feature set,
| almost certainly faster release cycles, and (for AWS
| specifically) no stupid "pay per request" billing to try and
| reason about. I'd guess it can make local development
| scenarios better, too
| theptip wrote:
| I think you are on the money here. I hadn't spotted this but
| they have a k8s plugin for example:
|
| https://github.com/1Password/onepassword-operator
|
| This solves the "restart pods when my secret is updated" issue
| which suggests to me that they are not just paying lip service
| with these integrations.
| Fiahil wrote:
| They probably should merge with https://github.com/external-
| secrets/kubernetes-external-secr...
| kolbe wrote:
| I don't think anyone here is calling it a bad investment for
| the investors. We're calling it a bad event for the users.
| Matl wrote:
| They have been doing some pretty unfriendly moves towards their
| long-term customers, like making sure the new 1Password cannot
| be used without 'the cloud' like the old one could be.
|
| I have no doubt raising more VC money will only accelerate such
| trends.
|
| In fact I've decided to move off of 1Password to BitWarden,
| since at least one can realistically self-host it. That being
| said, it's not exactly easy to migrate from the latest
| 1Password so I wrote my own little utility to do it[1].
|
| I think we need more competition to VC backed products in
| general, just imagine what would happen if the building blocks
| of say a GNU/Linux system we take for granted today would've
| been built with the mindset that investors are going to want a
| return on their investment.
|
| I am not saying there's anything wrong with that in principle,
| but am not sure I want to surrender my passwords to these kinds
| of incentives.
|
| 1 - https://github.com/MatejLach/1password-linux-to-bitwarden
| 2muchcoffeeman wrote:
| Yeah I don't know how to feel about this. I still have a
| license that allows me to use it with a local vault.
|
| But I really want to get the family subscription. The Premium
| BitWarden plan is much cheaper than 1Password but the the
| Family plan doesn't get you as much of a discount and my
| parents are on iPhones.
|
| Edit: Dave Teare, the 1Password guy claims that when they
| were still offering standalone licences in 2018, people
| picked subscriptions over perpetual licences at more than a
| 30:1 ratio. Of course, they only showed the monthly price vs
| the perpetual price. But I'd hope people understand what
| subscription means.
| Groxx wrote:
| Given how _extremely_ hidden they 've made the perpetual
| license option, I'm honestly surprised it's 30:1. That
| seems to be a sign of "people want this bad enough that
| they go hunting for it for quite a while".
| 2muchcoffeeman wrote:
| No, they are picking subscriptions 30 times more than
| licenses.
|
| When they first did this it wasn't hidden at all. The
| website gave you 2 options side by side.
| dsissitka wrote:
| Are you sure? It looks like the license option was hidden
| almost immediately.
|
| https://web.archive.org/web/20160915083507/https://1passw
| ord...
| Groxx wrote:
| It was hidden in both the website and the app almost
| immediately, yeah. Announced in/near August, and your
| link shows it in September:
| https://www.windowscentral.com/1password-launches-
| subscripti...
|
| I remember noticing the announcement of subscriptions
| (possibly a couple weeks after it happened), being
| concerned it'd spell the end for dropbox sync so I
| checked it out ASAP, and then discovering my fears were
| _mostly_ justified - it still existed (and remained
| around for a couple years), but it was shoved waaaay off
| into a corner. E.g. in the next subscription-oriented
| version of the apps, unless you attached a synced file
| FIRST, the option for dropbox syncing or standalone
| licenses _was never available_. The official instructions
| for fixing this were to reinstall the app from scratch
| and attach to the file first, before signing in.
|
| Notice that only a few months later, the standalone
| license mention at the bottom of the page isn't even
| there any more: https://web.archive.org/web/2017021511594
| 5/https://1password...
|
| Super hostile behavior, right out the gate. It was clear
| they were going all-in on subscriptions.
| Groxx wrote:
| That's how I intended it, yeah. I'm surprised it's even
| over 1% of people choosing the standalone license.
| clairity wrote:
| does anyone know definitively which is the last 1password
| version that doesn't _require_ cloud? some folks are saying
| it 's v6 but i have 7.8.7, and everything seems to be
| working fine, as far as i can tell. i still use local
| vaults and dropbox syncing to my ios devices without issue.
| 2muchcoffeeman wrote:
| The last time they offered stand-alone licenses was
| 1Password 7 in 2018. Not that long ago. But they seem to
| have made it harder and harder to get at the local vault
| settings.
|
| Version 8 will only be subscription based.
| clairity wrote:
| so ixnay to version 8 then. are you for sure that there's
| no version 7 point upgrade that's broken like that?
|
| my original license was 1password 3 (teams edition or
| something like that?) i believe, which i'd been upgrading
| all along. too bad they'll lose all this recurring
| revenue, even if it's not strictly as uniform and regular
| as subscriptions.
| 2muchcoffeeman wrote:
| No I'm not. But version 7.8.7 is not that old.
|
| Previously it was one license per user per platform. I've
| bought 1Password at least 3 times and pointed them to the
| same vault. Can't remember if they had paid upgrades.
|
| If you are not inclined to host your own server, it
| really doesn't seem clear to me to migrate away. Only the
| single and 2 user free licence and the single premium
| license for bitwarden is a clear winner. For families
| it's not much cheaper.
|
| I'm not even opposed to paying. I've bought 1P a few
| times. And I'd pay for another service. I think it's the
| fact that they are forcing the choice that gives me a bag
| taste in my mouth. But this is irrational if my 2nd
| choice is to pay bitwarden a similar amount of money for
| a family subscription.
| alanh wrote:
| Definitively: v7 works with stand-alone / non agilebits-
| synced databases; v8 will not. (I think v8 is out for
| Windows but not yet Mac.)
|
| I am a long-time 1Password user who recently made the
| leap to their hosted service. 1Password remains best-in-
| class for me and has a terrific security record,
| especially compared to their peers. While I too lament
| the everything-is-a-subscription-now trend, I remain a
| strong supporter and avid fan of 1Password.
|
| The latest integrations offered, for browsers and for
| e.g. Fastmail masked email address generation [1], only
| work with the cloud offering. I am happy to report that
| these latest offerings are fantastic and have tremendous
| UX.
|
| [1]: https://www.fastmail.com/1password/
| mdaniel wrote:
| I would bet their Privacy.com integration is also
| v8/cloud only: https://blog.1password.com/privacy-
| virtual-cards/
| drtz wrote:
| Long-term 1Password customer here, no affiliation with
| 1Password or AgileBits.
|
| > They have been doing some pretty unfriendly moves towards
| their long-term customers
|
| From my point of view this was not hostile at all: I used
| 1Password with Dropbox sync for years and absolutely loved it
| as a personal password manager _for myself_. But sharing of
| passwords with family was a real pain. I gleefully signed up
| for cloud-hosted 1Password Families at launch and haven't had
| a bit of regret. Of all the subscription services I use, at
| $4/mo 1Password is easily the best bang for the buck.
|
| For sharing, it's just sooo much easer than trying to use
| Dropbox: I can invite family members just by entering their
| email address and 1Password walks them through the setup. I
| can create new vaults with the click of a button and easily
| select who I want to share them with. I can revoke access to
| members just as easily I don't have to have a Dropbox account
| and I don't have to wonder about whether I've set the right
| permissions on my vault files or whether my free Dropbox
| quota has been reached. I don't have to share _my_ vault keys
| and passwords with someone else to give them access to a
| vault. I can still export and back up an encrypted vault
| whenever and however I want.
|
| It's no accident that all of these features are the same ones
| that make their product so attractive to businesses as well:
| ease of access and sharing are both essential for adoption by
| businesses.
|
| One more note: I still have my old standalone licenses and
| can still go back to 1Password 4/6 with Dropbox sync any time
| I want and not pay another dime, as 1Password still has links
| to download the older versions on their website:
| https://1password.com/downloads/mac/
| markdown wrote:
| > They have been doing some pretty unfriendly moves towards
| their long-term customers, like making sure the new 1Password
| cannot be used without 'the cloud' like the old one could be.
|
| Despite disliking being forced into a subscription system, I
| gave it a go. Turns out I'm not smart enough to understand
| their cloud user interface. Was just so confusing.
|
| I switched to Bitwarden.
| Groxx wrote:
| This is exactly why I've switched from strongly recommending
| them, to strongly recommending against them. Plus their cloud
| security UX is _horrendously_ confusing for everyone I 've
| showed it to.
|
| Whoever is driving their cloud push has probably made the
| most profitable business decision, but has absolutely no idea
| how to make a sane product.
| [deleted]
| slenk wrote:
| Yeah I have been slowly trying to push away from 1pass as
| our corporate secrets overlord. 1pass is marketing towards
| business but screwing over their original community
| mrkramer wrote:
| >People thinking this is an absurd amount of money
|
| Yea it is absurd compared to how much money Google and Facebook
| raised back in the day.
| beaned wrote:
| The money isn't worth nearly as much as it was then.
| drdaeman wrote:
| To be honest, I've just started using that (just set up a
| brand-new infra, started to provision users and thought it's a
| good idea to hook it up to a good password manager) and I found
| their Secrets Automation is (IMHO) barely usable for now. One
| can create most basic records but that's about it. I realize
| they don't owe me anything, but - honestly - just from the
| notoriety of the brand I've had higher expectations.
|
| I hope that's just because they don't have enough people and
| currently their efforts are stretched quite thin. $620M is huge
| amount of money, so hopefully they get new hires and would be
| able to deliver.
| 0xbadcafebee wrote:
| It's a leap people make. I wouldn't call it reasonable. There
| is no way Hashicorp generates 11 billion worth of value. The
| only reason they get so much cash is the big players are
| inflating value so they can gobble up as much cash as they can
| before the market comes to its senses and everything comes
| crashing down like in 2008.
| [deleted]
| koboll wrote:
| Pretty typical for people here to be zoomed-in on the b2c side
| of a business because that's what they use, and fail to see the
| b2b side, the underwater mass of the iceberg.
| quickthrower2 wrote:
| I was going to say something about "just use pgp and rsync"
| jrockway wrote:
| I think it's a little weird. I have used 1password at two
| jobs, and thought it was great, so I bought it for myself.
| They want money to sync my passwords between my Windows
| desktop and my iPhone. Seems reasonable to me. I program
| computers for a living and people pay me.
|
| I guess there was a free self-hosted type thing at one point
| in the past? That was before I ever heard of the product, so
| I'm not that upset that it's no longer advertised heavily or
| whatever.
|
| I do have one complaint. They do have k8s secret management,
| which I would like to use for my personal cluster, but it's
| just too expensive for that. Very weird to show it in the UI
| and then when you try to use it, quote you an insanely high
| price. (I just use sealed-secrets instead. If my cluster
| blows up, it will be a very irritating weekend rotating all
| the secrets. But good to do, so meh.)
| ubalatte wrote:
| "Very weird to show it in the UI and then when you try to
| use it, quote you an insanely high price."
|
| How much did they quote? (if you're able to share)
| highwind wrote:
| I used to use 1Password when they just sold the application
| at a fixed price and I handle all the synchronization
| between machines. That option is no longer available. I'm
| one of the users who left because of this.
| cj wrote:
| They used to offer synchronization via Dropbox. Is that
| still an option?
| jtbayly wrote:
| Yeah, we'll, it sucks to pay for an app that is perfect and
| then have them ruin it because of their b2b aspirations. And
| raising money like this is just another link in the chain
| pulling them down into the pit of insanity that ruins the
| most-beloved password manager ever.
| drtz wrote:
| There's a chance that a push toward enterprise may even
| result in a feature a lot of us more savvy individual
| customers would love to see as well: self-hosting.
| wlesieutre wrote:
| I think people can _see_ that this is targeting businesses,
| but they 're not _happy_ about that because they 're non-
| business customers.
|
| It doesn't bode well for the future direction of what has up
| to now been a good consumer-focused product.
|
| Like how Dropbox has gone from "a folder that synchronizes
| your files" to "an electron app for having discussion threads
| about files" because that's what business customers want.
| vram22 wrote:
| yccs27 wrote:
| Hopefully the consumer marketshare has some influence on
| business decisions, which might make it worthwile for them
| to keep non-business customers. This kind of strategy
| certainly works for some professional software, which is
| often even free for students.
| halostatue wrote:
| Count on it.
|
| Unlike many _other_ product companies, they all dogwood
| their own code. Also, IIRC all members of a team account
| are given a family account for their own use (you'd
| obviously have to convert if you separate from the
| company), so they are building for _people_.
| wlesieutre wrote:
| I suspect 1Password sees features like iCloud Keychain
| coming and is trying to grow into other markets because a
| "good enough" built-in password manager will
| significantly decrease their value proposition in the
| consumer space.
|
| Not great if you like their product as a consumer, but
| 1Password's biggest feature differentiator right now is
| better family sharing than iOS provides. That could
| easily change in a future iOS version, and then it's
| suddenly a lot harder for 1Password to grow by selling a
| $60/year password manager subscription.
|
| Enterprise features on the other hand, that's not
| something that OS vendors are likely to ship.
|
| While I don't like the newer versions of Dropbox as much
| as the old ones, I can understand how pressure from
| iCloud and OneDrive pushed them toward enterprise
| features over consumer users.
| alanh wrote:
| I think this underscores some (but not all!) of the negative
| reaction to "Zendesk plans to buy (the company behind)
| SurveyMonkey" -- the latter of which has developed
| significant revenue streams from specific B2B products
| rekoil wrote:
| Great, maybe now they'll be able to afford native apps instead of
| Electron...
| napier wrote:
| A password manager utility? Are we at peak VC profligacy yet?
| vijaybritto wrote:
| How will a password storage service make enough money to justify
| this mind-blowing valuation? Is selling to a bigger company their
| only goal now?
| msoad wrote:
| 1Password will go to the path of LogMeIn, Okta and OneLogin.
| Holding corporations literally by their neck (login) can generate
| *a lot of money*
| dandellion wrote:
| As a paying costumer I can only say that the last thing I want
| from my password manager is for it to push the envelope and
| explore any boundaries.
| mkoubaa wrote:
| Maybe with that kind of capital they can afford to fix OAUTH now?
| xyzzy_plugh wrote:
| Congratulations to all the folks at 1PW! It's been a slog.
|
| I'm very bullish on 1Password. They are the only product that I
| can use across my entire family and workplace with such little
| hand holding.
|
| While they've pretty much solved the consumer front, there is
| much to be done to solve the needs of businesses. For example,
| right now if an employee leaves, we have to rotate everything
| they had access to. Their SSO support and API are pretty new, but
| historically managing vaults and users has been a pain. They're
| making steady progress.
|
| I'm excited to see what comes next.
| nunez wrote:
| Here's to hoping that 1Pass IPOs instead of goes for acquisition
| (which would be awful; see also: LastPass).
| crate_barre wrote:
| Anyone have any insight on how a company like this would even use
| $620m?
| staticassertion wrote:
| 1. Expanding into new markets. "Secrets management" is not easy
| - 1Password is currently handling it for humans but they intend
| to handle it for services as well, likely competing with Vault.
|
| They could launch a full identity provider like Okta.
|
| 2. Perhaps managing other authentication methods. Passwords are
| dying, especially with webauthn, so it makes sense to tak eon
| some money to explore how to be a player in that space.
|
| They could compete with Duo, for example, and start offering a
| 2FA service.
|
| Basically, I expect that the vast majority of this money will
| not be going towards the 1Password that you use today but
| instead towards breaking into new markets. Given the size,
| probably new markets that are somewhat established already.
| [deleted]
| bombcar wrote:
| I predict the way and death of all "cloud companies" that start
| out doing one thing well; they'll add features and document
| sharing and what not until it becomes an unholy mixture of
| Dropbox et al trying to "compete" with Office 365 for some
| reason.
| syntheticnature wrote:
| So... Dropbox, then?
| syntheticnature wrote:
| Advertising is what came to mind.
| thibaut_barrere wrote:
| Today 1password is largely a product for tech people. Nobody
| around me outside tech circles is using a password manager, at
| all. They have the whole world to conquer!
|
| I can envision them (sadly) bought by a larger actor in a few
| years, at a huge valuation.
| ThePadawan wrote:
| That's funny, I only know 1password as that enterprise
| password manager that no nerds use, only normal people that
| work for not completely tech-unsavvy companies.
|
| I don't know anyone that uses 1password privately.
| edoceo wrote:
| Everyone else (ie: non-HN-sapiens) is using the built-in
| password manager in the dominant browser (Chrome).
| dogma1138 wrote:
| Given how many iOS users are out there I don't think that's
| accurate, and I'm pretty sure Android has that feature too.
|
| You'll be surprised how many people don't use a traditional
| computer anymore for most of their "computer time".
|
| And those who do still use a 'PC' probably mainly use Chrome
| or any other browser with a password manager.
|
| The reality is that for most uses a dedicated PM is simply
| isn't necessary.
| darkwizard42 wrote:
| Looks like a large focus will be on corporate users but also on
| R&D on the next gen side of password management
| (https://www.future.1password.com/)
|
| It doesn't explicitly say enterprise all over that, but I
| expect it to be that way, only place you can get that sort of
| return on investment
| dbbk wrote:
| It doesn't need that much R&D... Apple are already building
| out iCloud Passkeys
|
| https://www.macrumors.com/2021/06/10/apple-icloud-
| keychain-p...
| WORMS_EAT_WORMS wrote:
| This on the surface seems like a ton of money... but I don't know
| anything about this level of funding / valuations so who knows.
|
| I love 1Password and use it for business and for personal. I
| recommend it to family and have migrated many people to a more
| secure setup as happy paying customers. Shared vaults for
| families are so important for emergencies.
|
| It's expensive though.
|
| It doesn't provide a quick way to share a URL with a client that
| isn't a PITA.
|
| The interface could be prettier and make more sense. Like why is
| the "new" button almost a secret location and barely visible.
|
| Enabling two-factor with it is the absolute BEST but was buggy
| setting up. No simple iOS integration either.
|
| There hasn't been any super "major" updates in like 2 years to
| functionality (despite what blog boasts)
|
| List goes on but it's the best for now.
|
| I can't justify paying more. So hopefully there huge funding plan
| isn't to squeeze little folk and is more for big business.
|
| If Apple just went a little bit further with its manager (or even
| Google) I'd probably jump ship.
| bombcar wrote:
| `But we don't just want to keep up; our goal is to push the
| envelope and explore beyond the boundaries of traditional
| password management.`
|
| Hmmm, sounds like the time to migrate may be sooner than I'd
| hoped.
| cstross wrote:
| Sounds like they've noticed both macOS and Windows getting
| integrated cloud-based password management capabilities and
| feel the need to branch out in order to stay one jump ahead of
| irrelevance.
|
| (Disclaimer: I'm a satisfied 1Password customer. Just noting
| that their competitive edge is wearing razor-thin these days.)
| hcurtiss wrote:
| Agreed. And with Edge/Authenticator, it's cross-platform as
| well (Windows, MacOS, Android, iOS), and as of recently, it's
| close to feature parity. We dropped our Lastpass
| subscription. It's probably families like ours that has
| 1Password worried.
| loceng wrote:
| So what's the pitch to the investors then - they'd arguably
| need to disclose this possibilty? Or is this next level of
| pumping up before dumping on public market via IPO?
| theturtletalks wrote:
| I long hoped Apple would buy out 1Password and include it in
| their iCloud+ subscription.
| howinteresting wrote:
| As a 1password user on Linux, Mac, Chrome, Firefox, and
| Android, dear god I hope that doesn't happen.
| cianmm wrote:
| There were [rumours of exactly
| that](https://9to5mac.com/2018/07/10/apple-not-
| buying-1password/) a few years ago
| rdtwo wrote:
| I wish the Apple password manager worked cross platform.
| daggersandscars wrote:
| Apple provides a plug-in for Chrome to allow use of your
| stored passwords on Windows. Announced last year. I've
| tried it on Windows, appears to work, but do not know how
| secure it is.
|
| --- Edited to remove references to Linux. Appears to be
| Windows only.
| ksec wrote:
| Yes. But you can't even use those password on _Mac_ when
| you are using Firefox or Chrome.
| tonyedgecombe wrote:
| It seemed quite buggy when I tried it.
| raydev wrote:
| Given Apple's track record with other web-related
| services on non-Apple platforms, don't expect it to
| improve much or at all.
| raydev wrote:
| They would've immediately halted cross-platform support or
| at least severely limited it due to
| institutional/organizational issues. Any 1Password
| subscriber not using an iPhone would soon be unhappy.
| theturtletalks wrote:
| Although this could happen, I think it's unlikely. Apple
| knows it's a services company as much as a hardware
| company now. If you look at their existing services, they
| are not excluding non-Apple users.
|
| - Apple Music has a web UI and Android app
|
| - FaceTime recently added 3rd party links allowing non-
| Apple users to join calls
|
| - Keychain is being made compatible with Windows Chrome
|
| It's clear from raising this much money that 1P owners
| are doing a "private IPO" or adding more products and
| features. If it's a cash out, wouldn't you want a privacy
| focused company to buy it instead of VCs funding it and
| expecting a return? If they are building new features and
| products, Apple buying it could bankroll that and temper
| price spikes.
| raydev wrote:
| > Apple Music has a web UI and Android app
|
| This is exactly what I'm referring to. I put up with
| Apple's website for more than a year as my primary
| casual-use computer became a Windows PC.
|
| I work on iOS apps for a living. App Store Connect has
| always been terrible. Bugs linger for years. Elements
| continue to break in unexpected ways. The place where
| developers receive feedback from Apple is still hard to
| find even though it's immensely important. The website
| received a major redesign a few years ago and the bugs
| were still there!
|
| Now apply that lack of care to a music website. Being
| forced to login daily. Asked to perform 2FA daily, so I
| need to keep my iPhone near me if I expect to play music.
| Songs inexplicably not playing, if play fails repeatedly,
| maybe a page refresh will work. Songs inexplicably only
| playing previews, forcing you to log out and log back in.
| Zero effort to restore your previous searches.
|
| Apple makes _attempts_ at providing services on the web.
| But for those of us attempting to use those services, the
| experience varies from subpar to outright hostile.
|
| > Keychain is being made compatible with Windows Chrome
|
| Again, see how people review this in this very thread.
|
| ---
|
| Simply providing the service does not mean it's good.
| That's what I mean by "institutional" and
| "organizational". They half- or quarter-ass what they
| ship, and then they leave it to rot.
| Someone wrote:
| Apart from "works on stuff you didn't buy from Apple" (a
| feature that I think isn't in Apple's interest to support
| well), what major features does it have that keychain
| syncing over iCloud doesn't already have, or could easily
| add?
| hk__2 wrote:
| It goes beyond passwords. I use 1P to store documents,
| 2FA codes, IBANs, notes. You can also attach arbitrary
| metadata to each entry, and I don't think there's the
| ability to filter by category in the iCloud keychain.
| ascagnel_ wrote:
| Shared family vaults are the big thing for me -- I don't
| want to share _all_ of my passwords with my family, but
| 1P is a good way to share stuff like streaming service
| logins.
| Someone wrote:
| iCloud KeyChain has automatic sharing of services, but
| only for Apple Services (https://support.apple.com/en-
| gb/HT203046)
|
| That might be because they want to make their own
| services more attractive (if so, I think they made the
| wrong choice), but also could be a legal thing.
|
| https://www.apple.com/family-sharing/: _"You can add
| anyone to your Family Sharing group age 13 and older and
| invite them to share an Apple Card"_ , so members of An
| Apple iCloud 'family' neither have to be family members
| nor live at the same address.
|
| That's broader than, for example, the TOS of Netflix
| (https://help.netflix.com/legal/termsofuse: _"The Netflix
| service and any content accessed through the service are
| for your personal and non-commercial use only and may not
| be shared with individuals beyond your household"_ )
|
| Apple might fear getting sued if they make it easy to
| share a Netflix password with members of a family plan.
| m12k wrote:
| To me it means the contrary. If they had to make those $620M
| back by just selling password management, then we'd all better
| expect it to get crazy expensive soon. But if they branch out
| and start making money on other products and services too, then
| there's a chance the product I currently use will remain
| affordable.
| ziggus wrote:
| So that means what? My password manager is going to start
| crypto-mining, and share the profits with me? My password
| manager is going to report all the sites that I have stored
| passwords for back to the companies?
|
| Whatever the case may be, I'm sure it's going to turn out to be
| something completely worthless to me.
|
| Fortunately, there's always Keepass, which keeps plugging away
| doing exactly what it says on the tin.
| XorNot wrote:
| Oddly enough 1Password could innovate productively here: use
| some market clout to push for a standard way for password
| managers to do automatic password rolling without user
| interaction.
|
| Imagine a world where a standardized protocol let a company
| put out verifiable "we've been hacked notice" and my password
| manager would just take care of it next time I opened it (or
| throw a prompt or something).
|
| Doubt this is going to happen though.
| madeofpalk wrote:
| Or even not have passwords at all. There is a lot to do in
| this space.
| criddell wrote:
| Surely there's still room for some innovation in the
| authentication space?
|
| I remember a few years ago Steve Gibson was working on a
| certificate based system called SQRL and it sounded pretty
| cool to me. Maybe 1Password have some ideas of their own?
| MAGZine wrote:
| There's a couple examples already, including one click credit
| card information saving (through your card issuer), and their
| private email aliasing through fastmail partnership.
|
| A lot less incendiary than your hypotheticals.
|
| https://blog.1password.com/save-in-1password-button-with-
| ram...
|
| https://1password.com/fastmail/
| dannyw wrote:
| They're probably going to develop some proprietary, closed
| source authentication SDK, that's not compatible with other
| password managers, and bribe websites to use it.
|
| Your choice eventually will be entering a standard password
| and specifically engineered to be annoying CAPTCHA, or pay
| for 1Password. Use Keepass or BitWarden? CAPTCHA. why?
| "Security".
| yabatopia wrote:
| > Whatever the case may be, I'm sure it's going to turn out
| to be something completely worthless to me.
|
| You're probably right. Here's their vision of the future:
| https://www.future.1password.com/
|
| It screams CORPORATE. Not a single mention of family or
| single user. It's all about business security, safely sharing
| data, protecting your company, etc.
| billbrown wrote:
| We have a corporate password vault and it sucks. If
| 1Password makes a compelling product and brings their
| considerable UI/UX expertise to bear on it, this could
| absolutely take off and make my life easier.
|
| With 100k individual users and its background as a consumer
| application, 1Password wouldn't neglect the non-corporate
| customers--at least until David Teare retires or otherwise
| leaves.
| vidarh wrote:
| 1password _has_ a corporate offering. We use it at work,
| and while I haven 't thought about to what extent it'd
| scale to a huge company it works very well for small ones
| with the ability to e.g. share vaults and manage
| permissions across users.
|
| But incidentally the same features which makes it great
| for work also makes it great for me to share access to
| vaults with my son for example.
| billbrown wrote:
| I was speaking more about an enterprise product like
| Hashicorp Vault but I was quite unclear. I knew about
| 1Password for Teams (use Family personally).
| mbesto wrote:
| > It screams CORPORATE.
|
| How do you have a universal login that _doesn 't_ require
| corporate onboarding? You're just not the person this
| landing page is positioned for. They need corporate buy-in
| so you the user _can_ login with one login across all of
| those sites. If you the single user want to easily login to
| Netflix and Amazon with a click of the button, then how do
| you expect 1P or any org for that matter to offer that if
| they don 't have a direct relationship with Netflix or
| Amazon?
|
| This is like using Google.com to search for things to find
| and screaming "Google is too corporate" when you landed on
| the Google AdWords landing page (ads.google.com).
| kspacewalk2 wrote:
| Family/individual accounts are nice and all, but most
| families/individuals just don't give a fuck about security
| nearly enough to pay a monthly fee for a password manager,
| and probably never will. The saturation point for them in
| this market is not too far off.
|
| So they go where there's real money to be made. They are
| well-positioned to become the default choice to handle
| corporate day-to-day cyber-security needs of most non-tech
| businesses, and if they can pull it off even moderately
| successfully it will make them the biggest Canadian IT
| company. Family accounts never ever will.
|
| That doesn't mean their product won't remain the best*
| choice for individuals and families. Microsoft also doesn't
| give a damn about family or single users of Office, yet we
| all* use it because it's still the best* product on the
| market.
|
| * words like 'all' and 'best' are approximations of what's
| going on in the real world, not in HN where significant
| numbers of people may very well be using LibreOffice and
| the Nth fork of Keepass.
| johncalvinyoung wrote:
| Upvoted for your final-line analysis of 'normal for
| muggles' and how HN is not a representative sample.
| lolinder wrote:
| > most families/individuals just don't give a fuck about
| security nearly enough to pay a monthly fee for a
| password manager
|
| It's more than that, most families that _do_ care about
| security don 't need features beyond what is built into
| iOS/Android. When I encouraged my wife to start using
| randomized passwords, I didn't even have to help her get
| set up. She already knew how to use Apple's password
| manager, so she just started using it. No setup, no
| additional monthly fee, just a quick decision to start
| using it.
|
| When we need to share a password, we just read it off to
| each other and put it in our respective password
| managers. There aren't really any features in a paid
| password manager that we miss.
| noirbot wrote:
| I mean... that seems fine? Taking a consumer product and
| making a business version of it feels like a totally ok way
| to grow a company that already has a stable product that
| people like. Them making new features you don't use doesn't
| mean they're going to break or diminish the stuff you do
| use.
|
| Sure, they could mess it up, but any company or open source
| project can mess everything up.
| cooperadymas wrote:
| When Crashplan did this, they removed their home offering
| and completely dropped a large portion of their user
| base.
| noirbot wrote:
| Sure, but I'd be surprised if Crashplan was operating
| their home offering at a profit beforehand and just went
| "eh, we don't need money". 1Password seems to have a
| totally viable consumer market that's making them money
| without all that much work on it. It would seem weird for
| them to kill a golden goose.
| anamexis wrote:
| Also, it is good for companies when their employees use
| good password management everywhere, including in their
| personal life. The 1Password for Teams Business plan
| includes a free family plan for every user, so there's
| mutual reinforcement there.
| tonyedgecombe wrote:
| I can't remember a company that has served individuals
| and enterprises simultaeneously without one side getting
| a compromised offering.
|
| One of the things I like about Apple is they don't really
| pander to the enterprise. They won't turn the business
| away but you can see it isn't a priority.
| noirbot wrote:
| I'm not sure this is true. If anything, they're the
| perfect example of how to do it right though, which is to
| have products that are business OR personal focused, and
| not generally both. The Mac Pro and the new monitors are
| both very clearly only a reasonable cost point/feature
| set for enterprise clients. The higher end Macbook Pros
| are similar, especially post redesign.
|
| Almost everything Apple makes, "Pro" name aside, is
| either an enterprise offering where they're ok if random
| consumers buy it, or a consumer item where they don't
| mind if enterprises buy it. I have no interest in buying
| a reference monitor that costs more than my last 4
| computers put together, but I could just go buy one, I
| guess.
|
| Optimally, 1Password does the same thing. If companies
| want to buy their current offering (and my current
| employer does) that thusfar hasn't really messed with my
| personal use. If they come out with some Okta competitor
| in the future, I won't need to care about that either
| unless my company uses it. Optimistically, both products
| can be targeted to different markets.
| tonyedgecombe wrote:
| I'd distinguish between the professional market and
| enterprise.
|
| Look at the lengths Microsoft goes to in order to
| maintain backwards compatibility for their enterprise
| customers, Apple in comparison just doesn't care.
|
| Obviously I don't have access to the sales figures but my
| guess is most Mac Pros are going into audio/visual
| studios or else high net worth individuals. It's not the
| sort of thing enterprises will buy if they can avoid it.
| bombcar wrote:
| Microsoft does decently well here, and you can navigate
| this _if you basically give individuals enterprise
| software_.
|
| The problem comes in when you try to _cripple_ the home
| version so that small businesses, etc don 't just use
| that.
| waynesonfire wrote:
| > Sure, they could mess it up, but any company or open
| source project can mess everything up.
|
| Luckiky when they do, github just bans their account
| dahfizz wrote:
| > Them making new features you don't use doesn't mean
| they're going to break or diminish the stuff you do use.
|
| Except they have already started to diminish what used to
| make 1P great. We now get no native apps, no local vault
| storage, no upfront payments. The VC rot has already set
| in.
| only4here wrote:
| You can never trust cloud-hosted password managers..
| chefandy wrote:
| Maybe _you_ can 't. Everybody has their own risk tolerance,
| but at some point, everybody's going to have to draw a line.
| Maybe you're only storing passwords for local services, but
| almost all of the credentials in my password manager are for
| services run on some cloud. Even then, did you evaluate all
| of the code for each of those services? How about the
| compiler code or the chips? Dell shipped out machines with a
| hardware trojan in 2010.
|
| I have separate instances for work and personal accounts, so
| one breach wouldn't affect the other. Since my passwords are
| distinct, the number of accounts that would actually be
| useful to them is minimal, and fraud response is a pretty
| important metric in deciding what companies I do important
| business with. Identity theft is a problem, but all of this
| is probably more likely to be leaked in some other database,
| like the Equifax hack, than through an account compromised in
| a password manager cloud storage breach.
|
| My password manager being compromised would indeed be a huge
| time suck, but I don't think the long-term consequences would
| be any more severe than a few key individual accounts that
| are probably even more vulnerable. I think things like
| coordinated attacks where they social engineer their way
| through 2FA-- which have been seen in the wild-- to present a
| greater real-world concern.
| ifyoubuildit wrote:
| > Maybe you can't. Everybody has their own risk tolerance,
| but at some point, everybody's going to have to draw a
| line.
|
| I'm in agreement with parent, I think putting your
| passwords in the cloud is a wild single point of failure.
| Even if you can tell a compelling story about how they
| carefully encrypt everything right now, you're always a
| silent update away from it all being dumped on the
| internet.
|
| I think people (in aggregate) just don't care about the
| risk and will take the path of least resistance. They don't
| have to draw the line there, but they will.
|
| > My password manager being compromised would indeed be a
| huge time suck, but I don't think the long-term
| consequences would be any more severe than a few key
| individual accounts that are probably even more vulnerable.
|
| Having your main email account compromised seems like an
| absolute nightmare where you potentially lose control of
| every single service that you subscribe to (banking,
| utilities, cell phone (so maybe 2fa is even broken),
| medical portals, social media, etc).
|
| Having your entire set of passwords compromised is like
| that on steroids. Rather than your attacker having to use
| your email to get to each of those services one at a time,
| they just have them immediately. And who says you'll even
| know that your stuff was compromised?
|
| I'm a bit of a crank though. I don't do any of the smart
| home stuff. I see my phone as a necessary evil. If some
| company shoehorned an app or a WiFi connection into their
| product, I don't buy it. After being in tech long enough, I
| just want things that work for me, not for the company I
| bought them from.
| avianlyric wrote:
| > you're always a silent update away from it all being
| dumped on the internet.
|
| This is true of all password managers that have any
| ability to connect to the internet. You're one silent
| update away from your manager suddenly uploading all your
| passwords to a random endpoint in Russia.
| ifyoubuildit wrote:
| Theoretically, if you audit the source then you only
| really need to care about updates to the actual code. If
| it doesn't do silent updates then it can't change
| underneath you, even if it does some kind of network
| operations.
|
| Its not fool proof, but it feels better than a black box
| that could be a different black box tomorrow or after the
| next acquisition or round of investment.
| chefandy wrote:
| > Even if you can tell a compelling story about how they
| carefully encrypt everything right now, you're always a
| silent update away from it all being dumped on the
| internet.
|
| This is also true for your operating system updates,
| browser, browser extensions, compilers, the
| infrastructure for your email service provider, any
| libraries those things use etc. Not to mention your local
| password manager. Even if you don't accept push updates,
| do you evaluate the code? What if the vulnerability was
| timed to pop a few weeks after release? What if it was
| included in an update that patched a major vulnerability
| so you went faster than your normal process afforded?
| Even if you have a local firewall that stops external
| connections from unrecognized programs-- what if it's a
| whitelisted program or the operating system or the
| firewall itself?
|
| Why would you a password manager's encryption less than
| you would trust your email service's encryption? I'd bank
| on the password managers' being a lot more robust.
|
| What about RATs that could access your local password
| database? RATs are a lot more common than cloud service
| breaches.
|
| And as I mentioned previously, Dell shipped a hardware
| trojan in 2010.
|
| There are tons of single-point attack vectors in this
| chain. I'm not a security expert, but storing encrypted
| data in cloud storage seems less likely than others be a
| viable target.
|
| > Having your main email account compromised seems like
| an absolute nightmare where you potentially lose control
| of every single service that you subscribe to (banking,
| utilities, cell phone (so maybe 2fa is even broken),
| medical portals, social media, etc). > Having your entire
| set of passwords compromised is like that on steroids.
| Rather than your attacker having to use your email to get
| to each of those services one at a time, they just have
| them immediately. And who says you'll even know that your
| stuff was compromised?
|
| Let's say they did compromise your email account. Since
| only a few of your accounts are genuinely consequential
| to nefarious criminals, the number of password resets
| they'd need to execute might set them back, what-- 5
| minutes if it's not scripted? And all of it is moot if
| you use a 2FA method aside from email? Beyond that,
| considering how much more frequently email accounts get
| compromised, singling out the storage location for
| password manager databases seems pretty arbitrary.
|
| I just don't see how the opposition stands up to a
| comparison of attack vectors.
| ifyoubuildit wrote:
| > This is also true for...
|
| Agreed, those are already risks, and ones that are a lot
| harder to mitigate (though I do try where I can). Does
| that mean I should add another one that I can easily
| avoid?
|
| There are risks in both local and cloud password
| managers. Maybe those risks seem equivalent to some
| folks, and the cloud features are useful enough for it to
| be a no brainer for them. For me, I don't at all mind
| manually backing up and manually copy/pasting
| credentials, and I don't miss the convenience of the
| cloud features.
|
| > Let's say they did compromise your email account ...
|
| This seems focused on the case of a dedicated attacker
| focused on you specifically. Id think each of us is more
| likely to be affected by various automated attacks that
| are backed by large dumps of account credentials.
|
| In any case, I agree risks already exist in other places.
| For me in my specific set of circumstances this just
| seems like an easy one to skip.
| chefandy wrote:
| Hey-- whatever works for your setup. Especially for those
| who don't use a smart phone and have one machine, it's
| probably a minimal loss in functionality.
|
| > Does that mean I should add another one that I can
| easily avoid?
|
| All other things being equal? Avoid it, of course. I
| firmly oppose letting perfect be the enemy of good in the
| sense that more secure is better than less secure even if
| it's not perfectly secure. But I also oppose it in the
| sense that rejecting beneficial functionality because
| it's not perfectly secure, especially when it's not close
| to the biggest or most attractive attack surface, doesn't
| make sense. Even when password managers' servers were
| compromised-- LastPass, for example-- I don't think
| anybody ever got ahold of passwords. KeePass OTOH was
| broken with KeeFarce and RATs are a lot more common than
| cloud service server breaches.
|
| > This seems focused on the case of a dedicated attacker
| focused on you specifically. Id think each of us is more
| likely to be affected by various automated attacks that
| are backed by large dumps of account credentials.
|
| Nope-- If it was automated the distinction is even less
| significant. A script would only need to search your
| email for whatever specific types of logins it supported
| and fire off password resets. Non-email 2FA becomes even
| more of a hurdle without the option of social engineering
| it or some other human-touch fix.
|
| Consider this. (very) Roughly, this is the market
| penetration for these products:
|
| * computer: 90%+
|
| * smart phone: 85%
|
| * tablet: 50%
|
| * computer, smart phone and tablet: 40%
|
| Most people (in this country, at least,) have multiple
| devices. Most people have internet access. Most people
| aren't going to be able to manage storing and sharing
| passwords among their devices at all, let alone more
| securely than cloud storage would do it. So for most
| people's use cases, it would be like citing health when
| refusing to put a teaspoon of sugar into the cup of tea
| they're having with cake and ice cream.
|
| So like I said, avoid it if it doesn't improve your
| life-- I have no stake in your password management
| choice-- but I will actively butt in to qualify the
| sentiments expressed in this thread because, a) many
| users, even on this site, aren't sophisticated enough to
| engage in the sort of cost/benefit analysis that we are,
| and b) to them, this conversation is unintentional FUD.
| Cloud-based password management is vastly superior to
| regular folks' existing methods. If they're put off by
| technically savvy people saying they're fundamentally
| insecure, that is the embodiment of perfect defeating
| good.
| [deleted]
| velcrovan wrote:
| You can never fully trust any password manager unless you
| audit all of its source code and compile it with a compiler
| whose source code you have also fully audited. Good luck!
| mateuszf wrote:
| > You can never trust cloud-hosted password managers..
|
| If you examine the source code of a client (for example
| bitwarden) and make sure that it's not leaking your master
| password and then compile the soft yourself and not update -
| you'll be pretty safe.
|
| This will make it similarly secure as e.g. keepass, because
| even for keepass you should be sure the source is legit
| nisegami wrote:
| Technical trust is one thing, but I think the trust GP is
| referring to is more of a trust in the company's commitment
| to the business model. Password Managers aren't sexy. There
| isn't a ton of disruption possible in the field, so these
| companies may tend to look to expand beyond password
| management or get acquired. This in turn can mean the
| password manager product will be left to rot.
| soheil wrote:
| I really love an alternative that does these:
|
| 1. native app (no bullshit JS based) for speed 2. the same
| keybindings CMD+\ or Option+CMD+\ to fill in or pop up the menu
| 3. sync with icloud 4. not look like total shit (ie. lastpass)
|
| Do these basic things and I think you can easily steal 1pass
| users.
| ascar wrote:
| What of these are you missing with keypass? Except that sync
| would be done through a regular file (the keypassdb).
| torstenvl wrote:
| All of them? There isn't a single good KeePass client on
| macOS.
|
| Strongbox is the most polished but doesn't offer browser
| integration.
|
| KeePassXC has a terrible UI, and MacPass doesn't remember
| your key file between sessions. Both require staying in
| your Dock and need the janky KeePassHTTP-Connector to work
| with a browser.
| Dedime wrote:
| KeePassXC is excellent, and available on MacOS / Linux /
| Windows
| xrisk wrote:
| Can recommend Keepassium for macOS/iOS. Just works(tm).
| bombcar wrote:
| Apple is _so close_ with Keychain, I feel if they spent a bit
| a time on the UI of it and offered some plugin capability it
| 'd be perfect.
| ascar wrote:
| I found Keychain quite horrible. Everything is or at least
| felt just too abstracted away so that I don't feel in
| control of my secrets. Might have been just the UI though.
| And then it's obviously not crossplatform by default. Sync
| your password database between your Android phone and Mac?
| Nope. So it's another step into vendor lock in.
| btmoore wrote:
| Keychain supports some pretty great stuff like WebAuthN
| and 2FA codes. It's UI is kinda bad though. I'm all-Apple
| and techy, so it works great for me.
| zwily wrote:
| The Keychain integrations and UI have improved a lot over
| the past couple years. That said, I still use 1p for
| family sharing.
| rdtwo wrote:
| I agree it's so easy, if they add some sort of plugin that
| pushes to you phone to verify It's you - game over.
| drtz wrote:
| As a regular user of Android, Windows, and Linux systems
| Keychain is almost worthless.
| beberlei wrote:
| I believe this is regarding their new infrastructure secrets
| product, so hashicorp vault but more corporate maybe.
| dexterdog wrote:
| I read that as "hashicorp vault, but more expensive with
| wildly varying pricing schemes."
| ojilles wrote:
| I read it as Hashicorp Vault, but for all employees, not
| just (IT) engineers.
| shane_b wrote:
| I personally think password managers are positioned best for
| web3.
|
| Just add crypto wallet functionality (similar encryption
| skills) and then facilitate both web2 and web3 login.
| yawnxyz wrote:
| I'm surprised they haven't bought Rainbow or Metamask or made
| their own crypto wallet yet. Combining their current browser
| extension with private key management in a crypto wallet
| makes a lot of sense to me.
| Chris2048 wrote:
| I really hope this means new product offerings with no impact
| on existing products, rather than "fucking with the product b/c
| it doesn't make us enough money".. which I'll dub corporate
| Marak syndrome..
| cianmm wrote:
| I think of it as Evernote Syndrome. Take a perfectly great
| app and then slowly add nonsense on it until it's slow and
| bloated.
| notpachet wrote:
| You say Evernote, I say Jira.
| Aeolun wrote:
| Who in the fuck values 6.8B dollars for a password manager?
|
| For that kind of money you can build (apparently) 10-20 of them.
| adim86 wrote:
| I am surprised people are worried about 1Password getting this
| money and not caring about their users. How about at least they
| have money to be alive for the foreseeable future. I am worried
| about free password managers because they are broke and could
| sunset the app at any point and now I have to go find something
| else, or better yet, no financial incentive to do the best thing
| for the app. They do it for fun. My security is not for fun. LOL
| degoodm wrote:
| I hope that's enough to finally make a Chrome extension that
| works. Theirs seems significantly broken half the time.
| cpuguy83 wrote:
| I've been using Edge with 1P for the last couple of weeks.
|
| I agree, it used to be terrible. Now it is better than Safari's
| 1P extension.
| circa wrote:
| I used to use Lastpass but once they were bought out, I bailed.
| Anytime I see these types of Password articles I always like to
| share that I've been using Dashlane for years and love it. Multi-
| platform and now its all browser based. The iOS app is great too.
| It also includes a VPN with the pro plan.
| https://www.dashlane.com/cs/1k5JfApcebh1
| xchaotic wrote:
| Every time I see such a pre emptive money grab (1p doesn't need
| all this money upfront- they could fund new features and growth
| from paying customers) I know that prospective users will have to
| pay back a multiple of the 600M back to the investors. Why would
| I choose 1pass, knowing that they'll want even more money in the
| future, in perpetuity, when free alternatives exist? I also feel
| like it makes them a super juicy central attack target for both
| commercial and state sponsored hackers.
| smcleod wrote:
| You'd think with $620M they'd be able to continue to develop
| native applications and not 'have' to move to a javascript react
| monstrosity.
| saddestcatever wrote:
| Bummer.
|
| I used to be a huge advocate for 1Password.
|
| Purchased a single license for $60 back in the day. Backed up my
| vault to Dropbox.
|
| For a few years, it was the best app I've ever bought.
|
| Now with the upgrade to monthly subscription, my Windows machine
| is stuck on a crappy legacy version of the app. I get that every
| company and their mother wants that $A$$ money, but I truly miss
| the simplicity.
| greenSunglass wrote:
| any alternative you folks recommend?
| rcarmo wrote:
| Have a look at https://taoofmac.com/space/apps/1password for a
| list.
| nano9 wrote:
| I just use `pass` but if you want bells and whistles, then that
| probably will not work for you.
| lotsofpulp wrote:
| KeepassXC, or Keepass databases and Strongbox for a polished
| iOS app. And any cloud file sync service.
| hcurtiss wrote:
| Edge with Authenticator works very well, it's cross-platform,
| and as of recently has near-feature parity with Lastpass and
| 1Password.
| koeng wrote:
| I really enjoy using pass / gopass
| Croftengea wrote:
| Bitwarden, of course.
| desdiv wrote:
| Bitwarden. Both the client and the server is open source. You
| can selfhost the server, or you can use their server.
| Stevvo wrote:
| Google/Chrome offer the best user experience for password
| management, but I guess many people using 1Password are doing
| so specifically to avoid Google?
| ron22 wrote:
| https://bitwarden.com/
| mtremsal wrote:
| I haven't changed my setup of (free) keepassxc in (free)
| Dropbox in 10+ years. You can even add a standalone version of
| keepassxc in there if you're worried about needing passwords
| from a new computer. Usually, simple beats free (Spotify >
| torrents) but somehow this setup has always just worked
| perfectly for me.
|
| That being said, for friends and family I'd suggest paying for
| 1password. Or using a paper notebook. Most alternatives don't
| have a stellar track record with security.
| IOT_Apprentice wrote:
| The question to ask is WHY did they raise that much? What are
| they going to be using that much cash for?
| PragmaticPulp wrote:
| I've been using the older 1Password 6 version for a long time
| with Dropbox syncing. This is the version that still had
| perpetual licensing.
|
| And it works just fine. I can see why they're pushing so hard to
| force everyone to their paid SaaS service: I haven't paid them
| additional money in years and yet my setup works perfectly well.
|
| Eventually, though, one of the browser extensions will stop
| working and they'll insist I upgrade if I want to keep using it.
|
| My only hope at this point is that some other company will come
| along and make a password manager with equivalent UX (the only
| missing piece from competing products) and undercut them. Surely
| someone can do it with, say, only a couple million dollars
| invested instead of hundreds of millions.
| throwaway984393 wrote:
| Jesus Christ this is infuriating. Now I have to go find a
| different password manager that will just take my money, be
| profitable, and not become another fucking SV unicorn horror show
| capitalist wet dream.
| gizmo wrote:
| 620m at a 6.8bn valuation is staggering. If they IPO at 10bn in a
| year they need a plan by then to grow towards a 30bn valuation,
| otherwise doing an IPO makes no sense. That is unbelievably
| ambitious for a password app.
|
| The founders are clearly willing to bet their company on their
| expansion plans. In the post they allude to expanding to the
| security space more generally. Curious to see this develop in the
| coming years.
| JadoJodo wrote:
| Both the Fastmail[0] and Privacy [1] integrations have made
| 1Password a joy to use in the past few years. I've used premium
| BitWarden in the past, but the UX of 1Password is hard to beat.
| Congrats to the 1Password team!
|
| - [0] https://blog.1password.com/fastmail-masked-email/ - [1]
| https://blog.1password.com/privacy-virtual-cards/
| zerkten wrote:
| A lot of comments don't seem to acknowledge the importance of
| UX to leveling up security. Historically, security products
| have had terrible UX with everyone working around these and
| introducing more risks. 1Password is doing a great service here
| by making security simple and reduces our overall attack
| surface.
| mdaniel wrote:
| I wholeheartedly agree with the UX comment, and for the
| "leveling up security" part specifically, I'll point out that
| 1P 8 now has a "generate horse-battery-stable 'security
| question' answers" button, which is about as close to the
| intersection of good UX and good security as I can imagine
|
| My experience with Bitwarden is that their browser extension
| is gravely broken, which is a subset of UX, but crosses over
| into "how is this not a 'stop all work and fix it' bug?":
| https://github.com/bitwarden/browser/issues/1620
|
| I have a paid Bitwarden subscription, because I wanted to
| give it a fair shake, but based on my experience thus far
| it'll be years before they catch up to AgileBits
| [deleted]
| throwaway5752 wrote:
| Regardless of the TAM of secret management and the enterprise
| market for it.. this is a ton of money. I don't fault 1Password
| for taking it if it was offered, but I personally find it off-
| putting. How can the market opportunity be so compelling to
| justify that level of investment, but at the same time require
| that much capital infusion to chase? If there is enough demand it
| should be possible to balance funding from external investment
| and cash flow. They've been around 17 years, so my hope is it is
| just early investors cashing out on a $7B valuation, which seems
| doesn't seem unreasonable. It is hard to know without more
| details.
| wim wrote:
| This sounds like they might go enterprise and go after Okta and
| the like
| [deleted]
| DrBazza wrote:
| Are "password storing" tech companies worth a billion or so?
|
| And what's the "unique selling point" that stops me switching
| from one to another?
| darkwizard42 wrote:
| Looks like another commenter added some context:
|
| For some very rough context: - Duo was acquired for $2.35B
|
| - Ledger was valued at $1.5B
|
| - Dashlane was valued at $1B
|
| - Yubico was valued at $600M
|
| - LastPass was acquired for $110M
|
| - Trezor has an annual revenue of $5M
|
| - Authy was acquired after receiving investments of $3.8M
| DrBazza wrote:
| Gosh. I'm in the wrong business. I should create my own
| "store your password" company. How hard can it be?
| drcongo wrote:
| This is terrible news.
| vladstudio wrote:
| Eh. I used to use 1Password long ago, when it was still a
| "normal" app (one-time payment, not trying to become a unicorn).
| It was easy for me to switch password managers (my needs are
| modest, and I generally like to break my app habits once in a
| while). My journey included (1) self-written manager; (2)
| LastPass; (3) pass CLI, and (4) Bitwarden (free tier).
|
| I'm now a happy Bitwarden user. It's ugly, and I'm a UX designer,
| but it's the least worst! (to me)
| unethical_ban wrote:
| Keepass + GDrive/iCloud is going to be the recommendation I
| provide my friends and solo business owners in an upcoming
| presentation.
|
| The file itself is under your control, apps are cross platform
| and desktop, and it is pretty intuitive.
|
| That plus either 2fas (allowing for local token backup) or
| Authy (encrypted cloud backup) of MFA, and I won't hear about
| Instagrams getting pwned again.
| TameAntelope wrote:
| 1Password is _vastly_ superior to Bitwarden from a UX
| perspective, and considering that 's literally the only reason
| I have a password manager, that is, by far, the most important
| thing.
|
| If you think "security" is the reason you have a password
| manager, how come all of your accounts are tied to your email
| address? If you _just_ wanted security, there are, by far, more
| secure tools and practices you could employ than Bitwarden
| (among them keeping a notebook of passwords on your person at
| all times).
|
| Your comment reads, to me, as a signaling effort. "I'm aware of
| bad corporations and I don't support them!" is less strong of a
| signal than you may think.
| Tier2Capital wrote:
| Shout out to Strongbox if you're an apple user. It supports
| .kdbx across apple devices with a 10/10 UI
| rekoil wrote:
| Took a peek, looks really nice, might have to give it a spin!
|
| Are there any solutions for .kdbx files on Windows that have
| a nice UI? My memories of KeePass are not great.
| txtsd wrote:
| KeepassXC is your best bet!
| u2077 wrote:
| + 1 for strongbox and keepassXC
| piqufoh wrote:
| Great for 1Password - I love the tool and I'm a strong advocate.
| But ...
|
| Why such a large round? Why not go for an IPO?
| darkwizard42 wrote:
| I think this type of massive up-round investment is basically
| an IPO, likely a fair amount of secondary level of exit for
| founders, employees, and wouldn't be surprised if the
| seed/first round investors were able to unload a little (if
| they even wanted to)
| Iv wrote:
| Because money is desperate to find sinks to throw itself at.
| samgranieri wrote:
| I really wish they weren't doing away with 1password classic and
| the native mac app. I like the fact I bought a license, that I
| can store the data on dropbox or icloud, and it works just fine.
|
| Yes, this is old news and sour grapes on my part. I just don't
| yet feel like migrating to bitwarden.
|
| I've been using 1password for 12 years since I saw it on a
| tutorial on peepcode.com. I actually taught my mother how to use
| it, she's been using it for 9 years, and last weekend she was
| upgrading all her passwords to use 2fa with the QR code capturing
| facility.
|
| We had to go find the 1password classic browser extension
| (something stopped working, needed to reinstall it) and that took
| a bit of doing. 1password is not making it easy to find anymore,
| and when she contacted customer support (before talking to me),
| their response was to upgrade to a paid account and store your
| passwords on a server.
|
| Ugh.
|
| Honestly, now that they've raised this much cash, would it really
| be that big of an inconvenience or lift for them to give mac
| users a native app instead of the electron one and keep allowing
| legacy users like me to use 1password with our existing licenses
| and dropbox?
|
| I think they'd be able to hire some additional developers and
| product/project people to make it happen. Not continuing to work
| on the classic project just feels like a kick in the shins.
|
| Now, I'm building out my kubernetes cluster at home, and
| bitwarden is something I'm going to experiment with as a backup,
| but 1password 7 works fine and I just don't want to migrate to a
| paid account.
|
| C'mon 1password, make your legacy customers happy!
| d23 wrote:
| > Yes, this is old news and sour grapes on my part.
|
| This is a tangent, but this isn't really the correct usage of
| sour grapes. "Sour grapes" implies you actually did want it to
| go away but are saying you didn't out of pride or something.
| I'm assuming that's not what you're trying to imply.
| jiveturkey wrote:
| Same here. I begrudgingly moved to BW right after they stopped
| offering perpetual licenses. The UX is poor compared to 1P but
| for this software I could not continue to use 1P. They've
| become a deceptively marketed company. I actually had a sub on
| top of my perpetual license -- the cost is inconsequential and
| I want(ed) to support their business.
| jeffrallen wrote:
| They should take 20 million, endow a foundation, and have the
| foundation hire a couple of their original devs to make a clean
| room, open-source equivalent to 1Password 6. Then those of us
| who actually just want a self hosted password manager, not a
| massive whacky cloud secret factory, can use that.
|
| Sigh, what a stupid world we live in, where greed destroys
| everything good.
| symlinkk wrote:
| Why do you feel entitled to that? Are you going to pay for it
| again?
| AlexandrB wrote:
| If pay for it again in a heartbeat.
| Kwpolska wrote:
| Have you tried KeePassXC? It has a reasonable UI and mental
| model, and does zero cloudy things.
| mdaniel wrote:
| And it can already read the 1Password .opvault (the
| "legacy" format, stored in Dropbox and on disk) "file"
| format -- I would guess it wouldn't be an unholy amount of
| work to teach it to write out that format, too, but I
| stopped short of doing that work because I figured
| KeePassXC wouldn't merge it
|
| After that, I would teach KeePassXC to serve the 1Password
| browser extension websocket protocol, because I found its
| UX far, far, far, far superior to KeePassXC's browser
| extension UX
| idonotknowwhy wrote:
| And you can choose to sync with Dropbox, one drive, etc.
| And it has an android app.
| rekoil wrote:
| I don't even mind the subscription fee and cloud hosting
| personally, just make a kickass native app like they always had
| and I'll stay. If they force me to "upgrade" to 8 and it's not
| a native app then I'll just use something else like bitwarden.
| jonpurdy wrote:
| I would be happy to pay the subscription fee for a native
| app, especially since my partner and parents can use it under
| the family plan. It works great for that! I've been paying
| for upgrades since 2007 (version 2.0 I think).
|
| Except that version 7 also introduced some massive UI/UX
| regressions! There were so many that I started collecting
| them in a Ulysses note so that I wouldn't forget why
| 1Password has gone so far downhill.
|
| ----
|
| Attachments:
|
| - Attachments used to be attached to entries by drag files
| there, and they'd show up at the bottom (if I wanted my
| passport, there'd be a single Passport entry with copyable
| fields + jpeg photos of front and back at the bottom).
|
| - Now, every attachment is a separate document cluttering up
| everything. If I want my passport, I search for "passport"
| and three separate entries come up: entry with passport
| details I can copy, and passport-front.jpg and passport-
| back.jpg. And if I delete Passport entry, the jpegs are still
| hanging around.
|
| - See [1][2]
|
| ----
|
| When it doesn't sync, there's no "force sync" button on iOS.
| So I just sit there waiting...
|
| ----
|
| Can't suppress "duplicate password" warning:
|
| - If I reuse a password on two or more entries, each of those
| entries shows this warning
|
| - No way to disable it, clutters up the UI
|
| - Some entries have an insecure password for local use, dev
| use, whatever, so let me disable the warning
|
| - Tons of threads on their forums about this complaining
| about it [3][4][5][6]
|
| ----
|
| Another warning that can't be disabled in preferences: 2FA
| available but not enabled
|
| - If you have an entry where 2FA is available on that site,
| you cannot disable the warning if you don't have it set up
|
| - To actually disable this, you need to tag the entry with
| 2FA (which is dumb because it implies that it has 2FA, but
| the tag is showing that it DOESN'T have 2FA enabled)
|
| ----
|
| Subdomain matching doesn't work:
|
| - This used to actually work fine but it was removed!
|
| - If you have a.test.com and b.test.com with different
| credentials, 1password treats them as the same website and
| will ALWAYS show entries for both, breaking autofill
|
| - See [7][8]
|
| ----
|
| And after all this, I still planned to continue to use
| 1Password until they made their version 8 Electron
| announcement. That's absolutely the final straw and I won't
| be moving forward with them after that.
|
| 1 - https://discussions.agilebits.com/discussion/92007/1passw
| ord...
|
| 2 -
| https://discussions.agilebits.com/discussion/111892/messy-
| do...
|
| 3 -
| https://discussions.agilebits.com/discussion/95438/reused-
| pa...
|
| 4 - https://1password.community/discussion/106132/suppress-
| the-r...
|
| 5 - https://discussions.agilebits.com/discussion/115492/featu
| re-...
|
| 6 - https://1password.community/discussion/104141/watchtower-
| reu...
|
| 7 - https://1password.community/discussion/89271/matching-
| sub-do...
|
| 8 - https://1password.community/discussion/87028/stricting-
| url-m...
| rekoil wrote:
| Definitely felt all of these, but I moved from LastPass to
| 1Password after 7 had been released so didn't know they
| were regressions. That's really shitty actually. I am
| honestly infuriated by shit like this because it just
| doesn't make any sense at all...
| kitsunesoba wrote:
| Similar here, I don't mind the subscription fee and even like
| that I can effortlessly pull my passwords from whichever
| device I need to at the moment. The new electron app is a
| mess though, even if its data layer is done in Rust. It feels
| like a cheap imitation of the old one with so many little
| details being wrong, along with the general sluggishness that
| comes with a "modern" web stack.
|
| I'm not really happy with any of the other options either
| though. Bitwarden is stuck in the browser, and the various
| KeePass clients vary a lot in polish.
|
| It seems a little ridiculous because the UI involved in this
| sort of app is trivial to build and make nice in practically
| any native UI toolkit released in the past 20 years. It's
| just list views and text fields... I would've expected the
| hard part of building a password manager to be the functional
| bits, not the UI.
| rekoil wrote:
| Right!? The hard part is integrating nicely with the OS,
| which is just not something that's in Electrons bag. The
| thing Electron "improves" for them is portability for the
| one thing that users really want to avoid interacting with.
| It's just such a confusing business decision in my eyes,
| and to be completely honest, part of the reason I'm looking
| at switching is literally that they are making a decision
| like this unprovoked when they have a great native app
| already, I just don't understand it and don't want to
| support a business making shit decisions like that.
|
| Someone in this thread suggested Strongbox which looks very
| promising. I will stick with 1Password until they've
| decommissioned 7, and then make my decision whether to stay
| or not I think.
| drewmol wrote:
| Here's a +1 for Strongbox. It plays nicely with my
| Keepass/Dropbox sync setup. Been using it for a few years
| definitely worth the price.
| pantulis wrote:
| In Apple land you have Strongbox or Keepassium. Both are
| fine projects based on Keepass technology so you are
| basically safe and the developers are even in cool terms
| with themselves.
| kitsunesoba wrote:
| Looking around, on macOS there's also MacPass[0] which
| looks decent (good enough that I could see myself
| contributing for the last few % of polish), and gnome-
| passwordsafe[1] looks reasonable on Linux (if a bit too
| mobile-y for a desktop app). The only notable hole in the
| platforms I use is Windows... perhaps it's time to spin
| up a WinUI Keepass project.
|
| [0]: https://github.com/MacPass/MacPass [1]:
| https://apps.gnome.org/app/org.gnome.PasswordSafe/
| Spooky23 wrote:
| Agreed.
|
| Porting an app as security sensitive as a secrets manager
| to a client with an attack surface of Electron seems just
| fundamentally dumb.
| eric-hu wrote:
| Migrate to Bitwarden. I owned a 1 password 6 license and hung
| onto it for dear life until last year. I technically had a 1
| password subscription from work, and when that ended last year,
| my password experience hit a brick wall. I couldn't add
| passwords from Windows. My Mac client refused to work, I had to
| uninstall multiple times and delete a data directory to erase
| any sign that 1 password subscription was on the system.
|
| I'm so glad I made the switch now. No pestering pop ups,
| equally usable on windows and Mac and iOS.
| ilrwbwrkhv wrote:
| Same made the switch to bitwarden this year.
| pantulis wrote:
| I went to Strongbox and never looked back.
|
| I have fond memories of 1Password and wish them luck. But I
| have felt forced by them to move to a subscription model
| and I cannot justify that.
| markdown wrote:
| I did the same. On Bitwarden now.
| prakhar897 wrote:
| Skimming through their jobs board. Their are approx 100 "talent
| acquisition" roles open. Engineering is like 20 roles. What the
| hell are they going to do with so many recruiters?
| amackera wrote:
| I guarantee that those 20 eng roles represent 100s of actual
| positions. You need to staff up talent acquisition before you
| staff up talent. Also they'll probably be growing their sales
| team also.
| pythops wrote:
| 1Password still even exists ?!
| saos wrote:
| One product I'm truly happy to pay for
| mirzap wrote:
| I've no idea why would profitable company that does password
| management ever need to rise such amount of money. This could be
| an intro for big exit, who knows. They will literally have to
| throw their users under the bus, limiting features and increasing
| existing plans. Expect 50% price increase in the next 6 months,
| alongside with some "great feature" with which they'll try to
| justify the price increase.
| IceWreck wrote:
| Why does a password manager need that kind of money ? They have
| their server software, apps/clients and infrastructure in place.
| They also have customers and presumably earn enough to maintain
| and grow.
|
| What is it that they plan to add that needs 620 mil ?
| amashq wrote:
| That was a quick answer to Bitwarden's post that gathered some
| upvotes earlier today!
| borplk wrote:
| First LastPass and now 1Password. All downhill from here.
| jrochkind1 wrote:
| I learned about services I didn't know about yet, Secrets
| Automation, and the Fastmail integration.
|
| I can't find Secrets Automation pricing info. Is it just, every
| developer needs a paid 1password account and that's it, or what?
|
| *edit* oh wait I just found it, the answer to pricing is "Contact
| Sales". Booooo.
| no_wizard wrote:
| Everyone who's just looking at this as a simple password app
| might be missing the boat. One killer feature for enterprise
| customers is teams can share secure variables as well as new
| credentials for services. Now I imagine a world where 1Password
| can be a secrets manager for your environments. I know a lot of
| cloud services offer this already however they're not always
| great, and since most of your org may be using 1Password this
| would be a huge value add.
|
| I think what this is fueling is the ability for 1Password to grow
| beyond a password manager to handle other sensitive sharable data
| boringg wrote:
| Question from the community comment thread here:
|
| How many people are actually going to change away from their
| current 1 password account as a result of this OR how many will
| watch 1 password and make a move in the future if product lowers
| their quality vs how much of this comment thread is people
| expressing viewpoints but aren't tied to the product in a real
| way?
|
| Obviously tough to validate but I feel like a lot of the comments
| are just knee jerk reactions without any real action tied to
| them. Curious if I am on the margin of comments though.
| PragmaticPulp wrote:
| I assume many of us are hanging on to older 1Password versions
| that offered perpetual licenses and Dropbox syncing.
|
| Once those eventually stop working (OS update, browser
| extension changes) I'll be switching. But I'm not going to
| proactively change because there's no reason to.
|
| The 1Password SaaS isn't terribly expensive, but I would have
| spent $100+ more on it for the exact same functionality I've
| had with my perpetual license for the past several years. I
| have no intention of spending more money for the same thing and
| having the overhead of managing yet another SaaS bill.
| boringg wrote:
| Do you think they would extend that license indefinitely? I
| can't imagine it to be a large portion of clients - why upset
| a loyal base of clients?
| andrei_says_ wrote:
| As someone who uses the non-subscription version of 1-password
| (iOS only, syncs amongst my iOS devices but no use on my Mac) I
| wonder how soon they'll pull the plug on this.
|
| Wish I could be happy for them but instead I'm worried that I'll
| lose what I have.
| scarfacedeb wrote:
| They're a paid service. Why do they need so much extra funding?!
|
| There's definitely going to be a feature creep and annoying
| changes.
|
| Time to consider the alternatives again :(
| qeternity wrote:
| > Why do they need so much extra funding?!
|
| They've also (supposedly) been profitable since inception. It's
| likely that this round has a significant secondary, which means
| they're just cashing out part of a profitable business.
| nlh wrote:
| Exactly. An increasingly common thing lately is what's
| effectively a "private IPO". That's what this sounds like -
| liquidity for investors / staff, and ownership to a small
| cadre of professionally managed funds vs. the Wild West open
| markets.
| qeternity wrote:
| Funny, "private IPO" is exactly what I said to someone I
| was discussing these types of rounds with.
|
| Going public has very tangible costs, but also massive
| intangible costs. Private markets are extremely frothy and
| keep ownership and control within an aligned group of
| investors. This can make all the difference in the world to
| management.
| f311a wrote:
| Not only profitable, but also bootstrapped business. They
| decided to go for VC money a few years ago.
| [deleted]
| josefrichter wrote:
| Congratulations. Authentication on internet is still a hugely
| underdeveloped topic, especially for normies. All the non-IT
| people basically have 5 weak passwords reused on 100 sites,
| written down on a piece of paper next to their computer or in
| their wallet. And of course what they don't know is all of those
| passwords were leaked 100 times anyway. This is a serious issue
| in digital society, to be fair.
| the__alchemist wrote:
| If they IPO, when's a good time to enter a short position? 1
| month after? Longer?
| mupuff1234 wrote:
| I really hope the fed raises interests rate ASAP since inflation
| seems to be getting out of hand.
| buro9 wrote:
| Now I know why Bitwarden was on the HN homepage a few hours
| earlier.
| blunte wrote:
| I still boggle at the scale of investments these days.
|
| What does a company like 1Password do with that much money?
| amelius wrote:
| Tbh, since using Firefox Sync, I have no idea why people would
| need anything else to manage their passwords ... Can anyone
| enlighten me why I would need 1Password?
| mlindner wrote:
| It uploads your passwords to their cloud. How is that okay? The
| key thing with a password manager is disjoint processes. You
| don't want the cloud provider to also be the password manager
| provider. A single breakin/rogue employee/government warrant
| and you passwords are exfiltrated.
| neon_electro wrote:
| Your "one password" is part of the encryption key for your
| 1Password vaults; your passwords and sensitive information
| stored in the vault is encrypted before it hits 1Password's
| cloud.
|
| Exfiltrators would need your master password to get in.
| Barrin92 wrote:
| Firefox Sync lacks basic functionality of a password manager.
| Storing notes, storing card information, sharing data securely
| with other users and so forth.
| dmarchuk wrote:
| I've been using 1password for years and so far haven't had any
| problem, all apps (desktop and mobile) work great, but I don't
| understand why they would need this kind of money, especially
| considering it's not free or cheap service.
| prirun wrote:
| > It feels like yesterday that I was excited to cross the
| 100-employee threshold, yet here we are just a few years later
| approaching 600.
|
| For a password manager? Damn.
| igammarays wrote:
| Are we in a bubble?
| Mindwipe wrote:
| Yeah, I've never seen a company so keen to alienate it's core
| audience.
|
| Well, at least not for a few years.
| _pmf_ wrote:
| 620M is too much for a password manager, so we can safely assume
| it is no longer one.
| freeduck wrote:
| Lol
| adreamingsoul wrote:
| Time to migrate.
| hcurtiss wrote:
| I don't know if anybody uses Edge like me, but I feel like people
| should know that Edge with Authenticator works VERY WELL for
| password management. It is very close to feature parity with
| Lastpass and 1Password, it's cross platform, and it's free. After
| something like eight years, we dropped our subscription to
| LastPass.
| nsm wrote:
| How easy is it to use with random notes/apps on mobile? Some
| reasons I prefer a non-browser manager: - On Android/iOS, 1P
| will integrate with the system password manager APIs to sign in
| to apps - I can generate/store arbitrary password-like things
| (SSH key passwords, secret question made up answers, 2FA backup
| codes) that are not associated with specific domains. At least
| in Chrome's default password manager there wasn't a way to do
| something like this.
| gtvwill wrote:
| Lol software like 1pass seem so pointless in days of web browsers
| with sync and 2fa. Deadset not really much of a reason to use
| them unless your like...no Microsoft in your stack at all. But I
| mean your probs burning coin on all kinda stuff if that's the
| case so paying double for a built in func probably wouldn't
| surprise me.
| dangero wrote:
| Anyone have a guess on 1Password company revenue?
| cannonpalms wrote:
| Self-reported to be $150MM in 2021 [1].
|
| [1] https://www.cnbc.com/2022/01/19/1password-valued-
| at-6point8-...
| LeoPanthera wrote:
| 1Password has 600 employees?
|
| What do they all _do_?
| frabbit wrote:
| Sales and posting on HN.
| jmull wrote:
| > ...explore beyond the boundaries of traditional password
| management.
|
| This is a 50-50 proposition, at best.
|
| I hope this doesn't mean I'll need to start looking or a new
| password manager.
| elteto wrote:
| Such a silly sounding marketspeak... what is non-traditional
| password management? Password management + essential oils?
| Karunamon wrote:
| Example: Name any other password manager that can instantly
| spawn disposable email addresses on your own domain by
| talking to your email provider.
|
| Not to put too fine a point on it, but I _fucking love_ this
| feature.
|
| It fits in naturally with the password manager, but it has
| barely anything to do with password management.
| lawtalkinghuman wrote:
| Hide My Email in iCloud.
|
| https://support.apple.com/en-gb/HT210425
| Karunamon wrote:
| Note that I said _on your own domain_.
|
| iCloud email hiding generates addresses on iCloud
| domains, i.e. services will begin to flag them as a
| commonly-used disposable address provider and disallow
| them.
|
| Also completely worthless to the vast majority of people
| who are not on Apple devices.
|
| Also also, 1Password's integration with the email isn't
| managed by them. They talk to Fastmail, Fastmail spits
| out an address and tells it to 1Password, who then fills
| the form with it. I can ditch 1Password at any time, even
| delete my account, and lose nothing.
| farzher wrote:
| you can write your own password manager in a weekend. the
| encryption code is trivial. it's just a matter of ui/ux. and if
| you're making it only for yourself, that's not a problem. highly
| recommended
| skilled wrote:
| Damn, that's pretty cheap.
| ctur wrote:
| Great news for a great team. 1Password makes a very solid product
| and the company genuinely helps improve the security ecosystem
| for their users (and, through working with browser vendors on
| things like extension security, all of us).
|
| Hopefully they don't go all cryptocoin and NFT with the
| funding... but given their dna, I think they will expand wisely.
| rkagerer wrote:
| Has anyone here speculated they might intend to use such a
| substantial piggy bank for some radical new aspect to their
| product [line]?
|
| Not sure what... eg. perhaps some server-facing & app-facing API
| that would log customers in more touchlessly in a bid to become
| the SSO nexus of the world.
| shehackspurple wrote:
| Congratulations 1Password! AMAZING
| caycep wrote:
| I'm just amused at all the hollywood names on the PR...I mean if
| Black Widow herself was in on this funding round, it really must
| be secure!
| Ekaros wrote:
| First question is where does password manager spend that amount
| of money. Second question who gives that amount of money to less
| than 10% of password management company... Sure it can have
| billions of users, but still it is in no way novel or complicated
| product. In sense it takes anywhere near that sort of money to
| build or manage...
| Leader2light wrote:
| post_break wrote:
| Bitwarden, please for the love of god add multi-account support.
| I know it's in the works but it's taking too long. I have work
| accounts and personal accounts. 1Password boiled the frog with
| pricing.
| miguelrochefort wrote:
| For some very rough context:
|
| - Duo was acquired for $2.35B
|
| - Ledger was valued at $1.5B
|
| - Dashlane was valued at $1B
|
| - Yubico was valued at $600M
|
| - LastPass was acquired for $110M
|
| - Trezor has an annual revenue of $5M
|
| - Authy was acquired after receiving investments of $3.8M
| djrogers wrote:
| For additional context:
|
| Hashicorp has an 11+B market cap Okta has a 30+B market cap
|
| The view I keep seeing here of 1P as simply a 'password
| manager' is myopic... It's one of their products, and currently
| the most visible, but it's just 1 product.
| elforce002 wrote:
| Well, we're using dashlane for free right now and planning to pay
| for it (It's really cheap). I don't know what would be the use
| case for switching to this brand since now their focus will be to
| grow or die.
| circa wrote:
| https://www.dashlane.com/cs/1k5JfApcebh1 - 6 months free right
| here
| minroot wrote:
| This people have lost their minds.
| qwertyuiop_ wrote:
| I am an exceptionally happy Bitwarden user
___________________________________________________________________
(page generated 2022-01-19 23:00 UTC)