[HN Gopher] 1Password Has Raised $620M
___________________________________________________________________
1Password Has Raised $620M

Author : andrewdutton
Score  : 586 points
Date   : 2022-01-19 14:28 UTC (8 hours ago)

(HTM) web link (blog.1password.com)
(TXT) w3m dump (blog.1password.com)

| mlindner wrote:
| 1Password lost me when they went subscription model and required mandatory servers on their system to keep it running. It went from being one of the best password storage solutions to one of the worst. I'm still using 1Password 6 as that was the last version which could run offline.
|
| bluescrn wrote:
| In the pre-cloud days, Dropbox was the go-to option for syncing 1Password. But Dropbox have also restricted their free offering (3-device limit) since then.
|
| I didn't mind paying for 1Password so much, it does its job well across multiple platforms and devices, and it got me away from some very bad password habits.
|
| But I don't use Dropbox any more.
|
| fideloper wrote:
| Microsoft should buy them.
|
| fjni wrote:
| Use a tiny portion of that to continue support for local, non-cloud-based vault files please.
|
| alexnewman wrote:
| I switched from pass to 1password because my family kept on losing the password. 1password family plan is badass.
|
| peruvian wrote:
| Good for them, but not sure why they need so much money for a 100% paid product.
|
| goatcode wrote:
| Is there any practical way for anyone but the user to access any of the stored info?
|
| germinalphrase wrote:
| Has anyone migrated easily between password managers? Manually entering my (hundreds?) of unique logins/passcodes would be quite a chore.
|
| cupofjoakim wrote:
| When I went from lastpass to bitwarden I could simply export all my passwords to a json file and import them to bitwarden. I think it took like five minutes or something like that.
|
| simon1573 wrote:
| Bitwarden is a really nice password manager.
| It can import from 1Password: https://bitwarden.com/help/article/import-from-1password/
|
| beart wrote:
| Bitwarden has an import option that will pull from a lot of other password managers. However, it definitely isn't perfect.
|
| jwineinger wrote:
| What parts don't you like? I'm considering migrating to something else after this news
|
| npteljes wrote:
| 1Password seems to have an Export function which can agree with the KeepassXC's Import one, for example.
|
| https://ryannickel.com/html/migrating_from_1password_to_keep...
|
| PapaSpaceDelta wrote:
| I recently migrated from 1Password using Dropbox for sync, to KeePassXC (Windows, Linux & Mac) and Strongbox (iPhone & iPad) still using Dropbox.
|
| Migration was a simple matter of exporting a CSV and then just correctly selecting the column order for KeePass import.
|
| For those who don't want to trust a third party, even with their encrypted data, I believe that home NAS sync-when-available is possible - I personally haven't tested the implications of syncing changes from multiple devices at the same time in that scenario.
|
| rcarmo wrote:
| I exported successfully from 1Password 6 onto Secrets and KeePassXC. Only thing missing were software licenses (some attachments may not carry over correctly or show up as notes).
|
| andrew_eit wrote:
| I can see the use case for these online password apps.
|
| But I can't for the life of me understand why KeePass isn't the de facto gold standard.
|
| It's secure, open source and you have control over the data. I would never for the life of me think of storing my important passwords with a company ever. Am I overreacting?
|
| fmakunbound wrote:
| Am I missing anything with 1Password, already using Bitwarden?
|
| tempodox wrote:
| This kind of announcement tends to ring all kinds of alarm bells for me. What kinds of changes should we expect to make those huge investments worthwhile for the investors?
|
| My 1Password installation is grandfathered from a time when it was just a standalone app, without subscription. Will it just stop working one day to bully me into subscribing? Can you even start using 1Password these days without buying a subscription? I'll have to start looking for alternatives today.
|
| deagle50 wrote:
| Apparently v8 is subscription-only.
|
| casenjo wrote:
| Unfortunately yes. You'll still be able to use your license but once that version becomes incompatible with your OS you won't have a choice but to upgrade. I'm disappointed I won't be able to keep the Dropbox sync in 1Password 8. They did have this survey to gauge interest in self hosting it: https://survey.1password.com/self-host/
|
| MAGZine wrote:
| The Dropbox integration to me became worthless after Dropbox limited the number of devices it would sync to on the free plan.
|
| If I can't have my passwords everywhere, then the value delivered drops off a cliff
|
| mdaniel wrote:
| I don't have the old version installed anymore in order to check, but I _thought_ that 1P only required that you authenticate to Dropbox (since the app just uses the Dropbox API for polling and to pull down changes), not that you turn on syncing. I mean, it's possible Dropbox is so sick they count a signin as a new device, but that would be a grave disappointment
|
| frosted-flakes wrote:
| You can sync local vaults any which way. I personally use Syncthing, but any file syncing service would work.
|
| On another note, I've been using 1Password for years, for free. The mobile app can edit local vaults without signing in, and the desktop program can view local vaults in read-only mode. If I want to edit or add a password, I do it on my phone--it's not worth $150+ to be able to do it on my PC a few times a year.
|
| ojilles wrote:
| Filled it out, likely not to move any needles, but at least I did a thing. Thanks Casenjo for pointing out the survey.
|
| cletus wrote:
| Back in the early smartphone days one of the last mobile games that I recall that simply cost money and didn't nag you for in-app purchases was Angry Birds. You may be tempted to correct me because modern Angry Birds looks nothing like this. Trust me, it was once $1-5 and that was it. And it was pretty popular for a time.
|
| Anyway around this time Rovio (the game studio) raised $42M [1] and I distinctly remember thinking "well that's a huge mistake" and "this is the end".
|
| Companies that produce creative content just don't scale in a way that's compatible with VC. I include game studios and content creators like Netflix in this. Netflix is a prime example of how you just can't throw money at creating content and become HBO. While I agree with Netflix's need for original content, it's become so expensive that their monthly subscription is now too expensive for many to just have and ignore (with the recent price hike it's more expensive than HBO Max).
|
| Anyway, I use 1Password having previously used LastPass and pay for it. I have a bad feeling about this funding round because what can possibly justify it?
|
| To those who argue there are free alternatives, that's true but any I've used just aren't as good. It's not just generating and storing a password and filling out a form. So many companies have subtleties that make this annoying. Maybe it's the username on one page and then password on another. Or the form filling out is incompatible with some shitty Javascript or whatever. This is the real value of 1Password.
|
| And can I just complain for a second about how some sites (I'm looking at you American Airlines) add a third field (surname for AA) for no reason whatsoever, which is just awkward for a password manager.
|
| I did learn from this post about the Fastmail integration to automatically create one-use passwords.
| This is a feature I've long wanted and I'm surprised that Gmail doesn't do this because it seems like such an easy win for users. I may have to sign up for that.
|
| [1]: https://www.reuters.com/article/rovio-accel/angry-birds-crea...
|
| rcarmo wrote:
| Friendly reminder that I have a list of alternatives here:
|
| https://taoofmac.com/space/apps/1password
|
| (I am now using Secrets while trying out iOS-friendly KeePass implementations)
|
| drcongo wrote:
| Secrets was my favourite out of every password manager I tested, it's like 1Password before they started removing core functionality and implementing useless features requested by someone in marketing. It's only missing the ability to have shared vaults which sadly is key to my needs.
|
| rcarmo wrote:
| And for me, a Watch app :)
|
| teewuane wrote:
| I love 1password :)
|
| MattGaiser wrote:
| 1password handed out a $70 off $70 purchase (or the approximate cost in CAD of their family plan) Amex credit last year. Paired with Rakuten, I made a profit by purchasing it. Now I can see why they did it.
|
| fxtentacle wrote:
| "1Password Has Raised $620M"
|
| Ah fuck. They now need to grow at any cost to earn all that money back. And they'll throw their users under the bus, if they have to, because it's either grow like a unicorn or go bust.
|
| Also, I sincerely have no clue how a password manager could be so expensive. Last time I checked, the excellent KeePassXC was still free open source and developed by volunteers in their free time. How come 1Password needs the equivalent of 7750 years of $80k annual salary to build the same?
|
| momenti wrote:
| It's so valuable because knowing lots of people's passwords is useful for mass surveillance, cyber attacks, industrial espionage etc.
|
| p2t2p wrote:
| I just hope Apple's password management will finally catch up by the time 1Password goes to toilet.
|
| xfz wrote:
| > Ah fuck.
| They now need to grow at any cost to earn all that money back. And they'll throw their users under the bus, if they have to, because it's either grow like a unicorn or go bust.
|
| Agreed, an outbreak of featuritis is almost guaranteed. The core product works well for the job intended, but I don't want to be bothered with an expanding scope and the inevitable spam promoting the features that I don't really need.
|
| Joeri wrote:
| The move to an electron client was a clear indication they intend to add lots of features. If they were more or less feature complete they would have not bothered with an electron rewrite.
|
| chrisma0 wrote:
| Big fan of KeePassXC (https://github.com/keepassxreboot/keepassxc). Works wonderfully on MacOS. I guess 1Password is a bit snazzier, but I'm really not sure what you would use $620M for in a password manager...
|
| Maybe they'll go the Keybase route and integrate some crypto?! (https://keybase.io/blog/keybase-stellar-launch)
|
| chipotle_coyote wrote:
| > Maybe they'll go the Keybase route and integrate some crypto?!
|
| Well, congratulations, you just proposed a scenario that would make me consider leaving 1Password after all. :)
|
| Seriously, I _am_ somewhat concerned at this level of VC money injection; I'm not intrinsically against venture capital or such, but investors (obviously) want a return on their investment and it's hard to imagine how you get a return on _that much_ investment with just a password manager, even one that's a subscription service.
|
| (I am also not intrinsically against crypto and wouldn't really abandon a service just because they do something that involves it, but most blockchain technology continues to feel like a solution in search of a problem. That's another discussion, though...)
|
| NoThisIsMe wrote:
| I think BitWarden is a better comparison -- it's SaaS (and thereby dead simple to get set up w/ cloud sync), but it's reasonably priced with a solid free tier, and open source to boot.
|
| qbasic_forever wrote:
| It's more like they need 3750 years of $80k salary and 100 years of ~2.5 million salary for a dozen execs and board members.
|
| maxwell86 wrote:
| > I sincerely have no clue how a password manager could be so expensive.
|
| So you can't imagine how owning the passwords of all services of dozens of millions of users, both private users and corporate accounts, could be valuable?
|
| AlexandrB wrote:
| > So you can't imagine how _owning_ the passwords...
|
| Emphasis mine.
|
| That's the thing that bugs me about 1Password's recent moves. They don't _own_ my passwords and I don't want them to own them. They're _my_ passwords, and I want to store them how I want. Not be at the whims of 1Password's business strategy.
|
| john_moscow wrote:
| >How come 1Password needs the equivalent of 7750 years of $80k annual salary to build the same?
|
| It will go to all-expense-paid trips, consultancy fees and other things you need to eventually get acquired for $10B+ by one of the big players.
|
| Or maybe, they will pivot, spend $300M on advertisement, so every grandma gets to know the brand name, and will then do an IPO, presenting it as the next opportunity of lifetime to the unsophisticated public.
|
| This is how you make money in the post-2008 world. The actual old-school profitability has been out of the picture for quite a while now.
|
| ojr wrote:
| So correct but also post-2008 underrepresented founders need profits more than ever because they don't fit the narrative, applications like Canva being female-led and Calendly having a black male CEO are examples.
|
| colesantiago wrote:
| They were profitably bootstrapped for years and then chose the VC route, no clue why but perhaps the founders wanted a huge pay package.
|
| Then things went downhill.
|
| dilap wrote:
| Spot on. What's the best thing to migrate to?
|
| [deleted]
|
| WaxedChewbacca wrote:
|
| sunsetandlabrea wrote:
| Bitwarden for me. I've been using 1Password from around 2013 I think. I didn't buy into their subscription model so they've been gouging me with difficulties and cost in buying upgrades for a few years.
|
| Apparently they have 500 members of staff these days, and millions and millions of investor dollars. Apart from maintaining browser extensions, for my own personal use I've not noticed a single interesting feature in recent years.
|
| I moved to Bitwarden when the electron thing was announced, haven't paid any subscription yet and seem to have all the features I used before in 1Password. Bitwarden is very much recommended and I wouldn't recommend 1Password to anyone these days.
|
| wilkommen wrote:
| KeePass
|
| nanna wrote:
| KeePassXC
|
| https://keepassxc.org/
|
| npteljes wrote:
| BitWarden has a similar feature set as far as I understand it. You can even host it yourself.
|
| qbasic_forever wrote:
| KeePass + Syncthing to get the database on all your devices. This combo has worked flawlessly for me for over 5 years now. I sync to all kinds of devices too including android phones.
|
| jillesvangurp wrote:
| Bitwarden for private password managers and something keepass based for shared passwords in small teams works great. We use Keeweb with a keepass database on a shared Google drive. I put the master password for that in Bitwarden.
|
| I guess for bigger enterprises you might like something with a bit more fine grained access control and auditing features. E.g. rotating the master password is a bit of a PITA. I actually did that this morning because somebody in our team left.
|
| Most companies would want some kind of solution and most bigger companies would likely end up paying for something.
|
| chaorace wrote:
| I'll vouch for BitWarden. You can self-host or use their cloud offering. The server software and all of the clients are open source.
|
| I've personally been using the cloud offering for several years now and feel quite satisfied with it. The free tier is generous, the premium tier is very affordable, and I can export my data to a self-hosted instance anytime I like.
|
| kspacewalk2 wrote:
| Because cloud and enterprise.
|
| Sure, labour costs are expensive in our industry. But it's under-appreciated that once you need physical infrastructure, sales and enterprise support, that really tends to eat into your millions.
|
| chrisshroba wrote:
| Please excuse my ignorance about this, but what do "cloud and enterprise" costs entail? Password managers seem to me like a pretty basic CRUD app. I'd imagine the average user has a few KB's max stored, and data transfer is presumably very small (no images/video/other binary data). And enterprise users are presumably running the infra on-prem so I'd think the main costs have to do with support.
|
| Is marketing the thing with the huge price tag, or are there other huge costs I'm not thinking of?
|
| Spivak wrote:
| I'll use a past life as an example; 150 person company -- 20ish people in engineering total: 5ish on doing infra, and 3 dev teams of 5ish working different verticals.
|
| Then you have leadership, sales, marketing, HR, finance, support, and retention. By a huge margin sales, support, and retention were the largest. B2C is marketing heavy, B2B is sales heavy. If you're both then well..
|
| Engineering can be really lean with respect to the number of customers/clients but the rest of the business can't.
|
| fps-hero wrote:
| Could you even raise those funds If you sold every password they control on the dark web?
|
| city41 wrote:
| > How come 1Password needs the equivalent of 7750 years of $80k annual salary to build the same?
|
| Can't you say the same about Linux vs Windows, Gimp vs Photoshop, PostgreSQL vs Oracle, Godot vs Unity, etc?
|
| devwastaken wrote:
| Yep, this will go the same way as LastPass sadly. This kind of company must have a steady positive revenue stream from its customers. If not, it is not reliable. They will not be paying this back any time soon.
|
| Fine by me, 1password was too expensive to begin with. Sad to see they're wasting it.
|
| jonathankoren wrote:
| >And they'll throw their users under the bus
|
| They already threw their consumer users under the bus when they switched to a subscription business.
|
| I haven't upgraded since v6, and I plan to avoid it as long as I can.
|
| baryphonic wrote:
| > Also, I sincerely have no clue how a password manager could be so expensive. Last time I checked, the excellent KeePassXC was still free open source and developed by volunteers in their free time.
|
| Because 1Password is easy enough to use that my wife and I can share a family plan without her getting frustrated. If one of us has a login the other needs, we can easily share it. When I evaluated KeePass, the Wife-Acceptance Factor (WAF) was not there, though maybe it's improved.
|
| InvaderFizz wrote:
| There is the WAF. There is also the part where when I evaluated KeePassXC two months ago, the browser plug-in would constantly desync and require a full page refresh and entering my master password.
|
| With 1Password, I also have to reauthenticate all the time, but unlike KeePass, TouchID works.
|
| yborg wrote:
| TouchID works fine for me in KeePassXC. You have to turn on the option.
|
| tibiahurried wrote:
| We use BitWarden and it is free. $620M for a password manager is nuts.
|
| amir734jj wrote:
| Agreed. It's beyond nuts evaluation at this point.
|
| qwertyuiop_ wrote:
| All that Fed money supply has to go somewhere.
|
| https://fred.stlouisfed.org/series/M1SL
|
| dahart wrote:
| BitWarden is not free if you compare apples to apples, and sign up for the same features including cloud hosting, 2FA, and family or enterprise accounts.
|
| $620M isn't for a password manager, it's financing for a business with an enormous and growing user base.
|
| TaXaZ wrote:
| Bitwarden is free for individuals and couples. So, it's free user-friendly (WAF!!) wise [0] in comparison to 1pass [1]. But much more important thing is the fact that bitwarden is open source and 1pass not. Closed source is deal-breaker for me.
|
| [0] https://bitwarden.com/pricing/
| [1] https://1password.com/teams/pricing/
|
| wutwutwutwut wrote:
| Bitwarden free edition is free. The free edition is crippled and doesn't support Yubikey among other things.
|
| toyg wrote:
| "Crippled" is a big word. It does everything that KeePass would do, for example; it only falls short when it comes to sharing passwords among a group or family (you can send a secret via BW Send, but you cannot have a shared store unless you pay for Premium).
|
| Yubikey and its likes are advanced features that the overwhelming majority of regular users will never need.
|
| wutwutwutwut wrote:
| It is? I thought it was the proper word to use to describe software which has limited features in free version so they can sell commercial licenses.
|
| borski wrote:
| "Limited" is better. "Crippled" has a negative connotation when it comes to software.
|
| ziml77 wrote:
| I thought that it had all the same features, just not cloud sync. As far as I know the Yubikey is used for authenticating with their sync server. It doesn't actually help with the encryption
|
| commoner wrote:
| Bitwarden's free plan does have end-to-end encrypted cloud sync with no device limit.
| The free plan lacks TOTP support, but Bitwarden's $10/year plan does include TOTP support and is cheaper than 1Password's $35.88/year plan. Bitwarden is also open source, while 1Password is not.
|
| wutwutwutwut wrote:
| Bitwarden free has TOTP.
|
| commoner wrote:
| I'm referring to Bitwarden Authenticator, which stores TOTP secrets and displays 6-digit codes like Google Authenticator does.[1] This feature requires a Bitwarden Premium account, with the $10/year plan being the cheapest option.[2] (Self-hosting through Vaultwarden is another option.[3])
|
| This is separate from having TOTP 2FA on the Bitwarden account itself, which is available on the free plan.[4]
|
| [1] https://bitwarden.com/help/authenticator-keys/
|
| [2] https://bitwarden.com/pricing/
|
| [3] https://github.com/dani-garcia/vaultwarden
|
| [4] https://bitwarden.com/help/setup-two-step-login/
|
| mbesto wrote:
| For something as important as protecting passwords, why on earth would you want something that _is_ free?
|
| cycomanic wrote:
| Well let me ask the much more obvious question, for something as important as protecting your passwords, why on earth would you go with a proprietary service where you have no idea about the security, that could take away your access at a whim without any recourse for you?
|
| sebastien_b wrote:
| Because much like privacy, password security shouldn't always be only a premium option.
|
| Plus like the parent said, proprietary code is a deal break for lots of people.
|
| mbesto wrote:
| > Because much like privacy, password security shouldn't always be only a premium option.
|
| So then who foots the bill? Password managers are the duct tape used to protect a user _because_ we don't inherently trust application providers.
|
| > proprietary code is a deal break for lots of people
|
| Sort of. First, "lots of people" seems like "lots of people" because we're on HN.
| The wider population doesn't care whether your application is proprietary or not - they just want something that works. Apple's wall garden is proof of this. Second, you can still charge for a product _and_ it be open source. An application being open source simply provides an audit log of the code and allows for "wisdom of the crowd" when it comes to bug and security issues. So yes I agree that having a password manager be openly auditable is a great feature, but I (and many others) likely would rather have the features of strong UX and known tenure (OSS tools get abandoned all of the time) than we would having an auditable source code.
|
| sebastien_b wrote:
| > _So then who foots the bill?_
|
| Whoever wants to pay. Doesn't mean a product should be dismissed simply because it's "free".
|
| commoner wrote:
| Bitwarden does charge for certain features like TOTP support, organizations, and enterprise features. They manage to have subscription income while remaining open source, whereas 1Password chooses to keep its code closed source.
|
| If you are saying that Bitwarden is worse because it offers a free plan, I disagree. It's nice that Bitwarden offers a security-audited* password manager to those who can't afford a subscription, who aren't ready to pay for one, or who don't have the means to make payments online. Unlike 1Password, Bitwarden is not pressured to deliver high returns to venture capital firms, and Bitwarden can focus on providing its product to its users at superior price points.
|
| * https://bitwarden.com/help/article/is-bitwarden-audited/#thi...
|
| sebastien_b wrote:
| > _Unlike 1Password, Bitwarden is not pressured to deliver high returns to venture capital firms, and Bitwarden can focus on providing its product to its users at superior price points_
|
| Well said - and this is the important part of the 'non-proprietary' argument of mine (above) - right now I consider 1Password's real customers being their shareholders/investors, _not_ its users - the users are just another tool they use to bring value to their _real_ customers (investors, etc.).
|
| BitWarden's customers are their actual users.
|
| mbesto wrote:
| > If you are saying that Bitwarden is worse because it offers a free plan, I disagree.
|
| For the record, I'm not. The overall discussion was that charging for a product was somehow bad. Bitwarden _does_ charge for their product, just at higher tier levels. My bigger point is that you do want a provider that is going to stay solvent so charging money (which Bitwarden also does) is not some perverse way of satisfying customers.
|
| xfer wrote:
| People and businesses are storing their data that these passwords protect using free operating systems.
|
| ValentineC wrote:
| I'm looking forward to Bitwarden implementing multiple account logins ("client profiles") [1] on their roadmap [2], before doing a gradual switch away from 1Password. Any time now!
|
| [1] https://community.bitwarden.com/t/account-switching-log-in-w...
|
| [2] https://community.bitwarden.com/t/bitwarden-roadmap/12865
|
| fredley wrote:
| Yup. In fact just today my partner was struggling with a problem with 1Password that she uses at work, asking why it wasn't as simple as BitWarden.
|
| skinnymuch wrote:
| That's likely because they are used to BW first and was learned at home. This sort of "phenom" happens all the time and is not only about the actual product.
|
| There will be exact examples of the opposite happening.
|
| decrypt wrote:
| I like Bitwarden too, but can't dismiss the fact that 1Password is superior to Bitwarden in many ways:
|
| - Mobile UI is beautiful on 1Password.
|
| - The UX from creating a password entry to auto-filling is easily better on 1Password. Bitwarden doesn't show autofill entries on login forms yet. That's a deal breaker, at least for me.
|
| - Account recovery via a trusted family member.
|
| - Additional security measure: private key in addition to master password.
|
| Personally, the 35 USD fee is justified.
|
| arrosenberg wrote:
| > Bitwarden doesn't show autofill entries on login forms yet. That's a deal breaker, at least for me.
|
| I was able to enable that in the settings, but I've found it very hit or miss compared to when I used LastPass.
|
| decrypt wrote:
| I meant the overlay popup interface which is still in the works:
|
| https://community.bitwarden.com/t/overlay-popup-interface/14
|
| josephd79 wrote:
| Bitwarden has all those features you listed. I use it every day.
|
| You can set up a trusted family member. You get a master password and private key in case you can't access 2fa. You can set up autofill entries. UI/UX are opinions.
|
| You pay $40 dollars a year for Family, $10 a year for an individual. Cheaper than 1password.
|
| decrypt wrote:
| I meant the overlay popup interface by autofill on login forms:
|
| https://community.bitwarden.com/t/overlay-popup-interface/14
|
| Noted about trusted family members on Bitwarden.
|
| I don't understand the private key part for Bitwarden. I am referring to the one here:
|
| https://support.1password.com/secret-key-security/
|
| Is there an equivalent for Bitwarden?
|
| folkhack wrote:
| Hopping aboard to add that Bitwarden does in fact have all of those features. It's disingenuous of parent comment to imply/claim otherwise.
|
| Sure the UI/UX is a bit basic... but honestly most of us should prefer that.
|
| throwaway64643 wrote:
| You think they'll keep that price for forever?
|
| hotpotamus wrote:
| I bought Lastpass when it was $12/year. Over the years and after being acquired, they tripled the price. I miss when technology used to decrease in price and provide better functionality.
|
| decrypt wrote:
| Hopefully so, but I'd be willing to pay even up to 100 USD. I store a lot of things on 1Password these days that it's very hard to give up, and very convenient. It's not just passwords; medical documents, credit card details, passport, certificates, private notes.
|
| cgriswald wrote:
| They certainly won't. They used every trick in the book to get those of us who bought their standalone, one-time fee software to subscribe.
|
| aweiland wrote:
| Same. Works great for my wife and I.
|
| ryall wrote:
| It's funny you mention WAF because that's exactly what kept me away from 1password.
|
| I loved almost everything about 1P but their reluctance to authenticate with keychain means it's a PITA for me, and an absolute deal breaker for my wife.
|
| Has this changed or do you still have to enter your 1P password every time you log in or your session times out?
|
| textcortex wrote:
| I think VCs are also making their decisions based on that "WAF" factor.
|
| lkxijlewlf wrote:
|
| bigyikes wrote:
| Sounds like the Lkxijjlewlf Acceptance Factor (LAF) is also very low. You have something in common with the parent's wife!
|
| The parent did no shaming; as you pointed out it's extremely reasonable to not want to jump through hoops. Any shame is projected by yourself.
|
| kdmccormick wrote:
| Yeah, GP's acronym ain't great. But if you sub out "wife" for "significant other" or just "family" then you have to admit that this is a real phenomenon.
|
| I use pass [0]. To me, it is the best password manager that I've ever used. Command-line-first, free & open source, built on git... it's great, and suits all my needs.
| From the perspective of someone who spends most of their day behind a CLI, it is "simple" and "just works" more than anything else.
|
| But it's not going to work for my significant other, who is very intelligent but isn't a software engineer. They're not going to learn git so that they can manage passwords, and the app doesn't abstract away git enough for them to avoid needing learning it. Hence, despite its merits, it fails the "SO acceptance factor" or whatever you want to call it.
|
| [0] https://www.passwordstore.org/
|
| rrrrrrrrrrrryan wrote:
| I always thought the term was at least a little self deprecating; it definitely and doesn't mean "dumbed down so the stupid wife can actually use it."
|
| There are a lot of technical enthusiasts and hobbyists, mostly dudes, who optimize for dumb parameters that nobody in the real world actually cares about. In this case, setting up a clunky, but fully open source password manager, when there are alternatives with objectively better UX available for relatively cheap (considering you use the thing many times each day).
|
| In the home theater world, for a long time guys would brag about the disgusting monstrosities they've jankily hooked up in their living rooms, but a setup with high WAF means building something that's actually aesthetically appealing and congruent with the interior decor, hidden cords, not having to switch between 4 remote controls, etc.
|
| But you're right - it should probably be SAF (Spouse Acceptance Factor).
|
| toyg wrote:
| SAF is taken by Sir Alex Ferguson, sorry mate
|
| wreath wrote:
| My wife has this problem. I have a bit more tolerance. There is no else I try to convince to use such software. WAF is accurate but because I don't run it by someone else.
|
| throwmeaway666 wrote:
| >I, a computer programmer who has more than enough intelligence
| >Stop blaming/shaming wives.
| | It seems like it is you who is equating tech illiteracy | with intelligence, pal. There is nothing wrong with being | technically illiterate (most people are) and I don't think | GP is shaming his wife because of it. | Gwarzo wrote: | Stop morality projecting on others. Having something your | untechnical wife is willing/able to use matters. | viscanti wrote: | Same thing with email. Everyone COULD run their own email | server but it's pretty clear most people don't want to. We | also see it with tech companies running their own servers. | Again they COULD runt heir own hardware (and some do) but | it's pretty clear most companies don't want to. There are | decades of examples of where people could run something | themselves and having very strong preferences for using a | centralized and more user friendly alternative. I don't | know why we'd expect it to be any different here. | fshee wrote: | I wouldn't assume the phrase is casting a value judgement. | | I hear the phrase from time to time in aviation. "Have to | sell the first plane" / "Doesn't pass the WAF" / "Wife | thinks owning two planes it too expensive." I have no | reason to believe these folks are not in a loving | relationship. | | Nothing to do with intelligence. | 4ggr0 wrote: | If I may chime in, and sorry for acting like an annoying | dude, but I also really dislike the term WAF. Of course the | term makes sense if we look at IT and the world | historically, but I don't get why in 2021 we still have to | act like wives are tech illiterate by default, and also, | what about women in IT who have tech illiterate husbands. | [deleted] | api wrote: | Nerds continue to fail to grasp the value of UI/UX. This has | _always_ been why FOSS and similar solutions have failed to | compete in the market in spite of being "free" and often | technically superior. | | UI/UX is everything. Apple became the most valuable company | in history on the back of UI/UX alone. 
Their tech is decent | but not _that_ much better than anyone else 's, but their | stuff is at least marginally easier to use and that's worth | more than the GDP of quite a few countries combined. | | The importance of user experience is only growing as the | world becomes more and more time poor and we move more and | more into an "attention economy." Saving _seconds_ counts. If | it doesn 't work instantly it's broken, period. | | Here's two ways I can explain it: | | (1) If you value your time at $100/hour and you have to spend | one hour a month maintaining something "free," that free | thing costs $100/month. That's fairly expensive. It only | makes sense to do this if you have a lot of surplus time on | your hands. | | (2) If you have ten million users and make a UI/UX | improvement that saves them one minute a month and you value | their time at an average of $50/hour, you just created about | $8.3 million in value since that's the value of the time you | just saved. | | A rule of thumb that I use is that every step required to do | something halves adoption. So if you have a 10 step install | process, only 1 out of 1024 people who look at your product | will make it to trying it. | | Every developer needs to have "user experience is everything" | tattooed on their forehead. | vbezhenar wrote: | I ditched 1Password in favour of KeePass exactly because of | UX issues. 1Password felt too magical and did too much | implicit stuff to my taste. KeePass is dumb simple and | that's what I need from password manager. I hope that its | UX will not change. | bengale wrote: | This is accurate. We charge twice as much as our competitor | and we consistently hear from customers that UI/UX is a | massive part of the reason they choose our system. | idkwhoiam wrote: | Re #1. People normally maintain their dish washers, cars, | and software off work hours. | | Edit: agree with the rest | brimble wrote: | > UI/UX is everything. 
Apple became the most valuable | company in history on the back of UI/UX alone. Their tech | is decent but not that much better than anyone else's, but | their stuff is at least marginally easier to use and that's | worth more than the GDP of quite a few countries combined. | | Huh, to me it's both. The UI/UX wouldn't be worth shit if | their software ate battery like it was free, crashed often, | was frequently janky, hogged resources to the point of | being a problem, or all the fancy features underlying their | UX didn't work pretty damn well without user fixing or | intervention. Software quality is _part of_ why their UX is | so good, not just design languages or whatever. You don 't | get their level of auto-magic if you haven't done a whole | bunch of things very right in the underlying code & | architecture. | | They're far from perfect (practically all consumer-facing | software is at least _kinda_ bad, IMO) and one can point to | a handful of duds that they just can 't seem to get right | (Xcode, for instance) but I'd put software quality as my | _number one_ reason for using them, and I 'd point to that | as an absolutely vital element in their UX being well above | average. It's that _combo_ that no-one else seems able to | touch--in fact, it often seems like no-one else is even | trying, and I really wish they would. | r_hoods_ghost wrote: | I think you understate your case. A lot of nerds and nerd | culture is actively hostile to making things easy to use | and will intentionally erect banners and over complicate | systems in order to keep "normies" out and make themselves | appear smart.Its rather sad really. | b3morales wrote: | > If you value your time at $100/hour and you have to spend | one hour a month maintaining something "free," that free | thing costs $100/month. That's fairly expensive. | | This is quite true, but the counterpoint is that nerds | _enjoy_ spending that time. 
We like opening the box, poking | at the wires, seeing how the cogs fit together, and | tweaking things endlessly. It would be a liability for a | normie, but for a nerd whose interest is piqued it 's a fun | Saturday project. This is why FOSS survives _despite_ the | UI /UX problems. | apozem wrote: | Not the person you were replying to, but I completely | agree. I had fun setting up my Raspberry Pi as a Plex | host / torrent box / home server. | | Where us hobbyists go wrong is thinking any large | percentage of customers want to do that. Any amount of | futzing is too much. Most people want it to "just work." | bjord wrote: | I'm gonna frame this and put it on my wall. | Sytten wrote: | I made the same argument below but I was downvoted to hell. | | Bitwarden is not an alternative to 1Password that passes | the wife/parent/elder test because the UX is so bad they | need to call me everytime something isnt exactly working as | before. | cyberpunk wrote: | Really? | | I mean, I have 1password for work, and Bitwarden for | personal.. | | Spot the difference: https://imgur.com/a/wJQBDjV | Saris wrote: | A few things come to mind (I use bitwarden myself). | | - "Folder: No Folder" is a bit confusing, it would be | better to just require a folder when creating an entry. | | - Collections vs folders is also a little confusing | unless you spend time to figure it out. | | - 1password shows the password reuse notice right there, | instead of needing to go the web vault of bitwarden and | specifically click on tools. | | - 1password shows the password strength right in the | entry as well. | | - 1password has nicer display of the items in the vault, | with sections by letter. | kerng wrote: | Unfortunately true. | | I really hope that Bitwarden improves their UI and UX, | because I really want to like it. But their Collections | and sharing feature is very unclear, especially once | multiple people/orgs are involved. 
| | I'm afraid to use it because they co-mingle everything in | UI and I dont accidently want to share a personal | password with another org. | | Being worried of sharing a password accidently is very | scary UX | api wrote: | You were downvoted to hell because nerds continue to | refuse to understand this. At this point it's flat out | denialism. | | This refusal to understand UI/UX goes way way back in | hacker culture: | | http://catb.org/jargon/html/P/point-and-drool- | interface.html | | This seems to be a general characteristic of enthusiasts. | | To design a good car for people other than car | enthusiasts, you have to hate cars or at least be able to | place oneself in the shoes of someone who hates cars. | People who don't love cars want a car that makes them | think about cars as little as possible. The purpose of a | car is to carry you from one point to another, not to | make you spend time on cars. | Gracana wrote: | Maybe name-calling and suggesting they should be | mutilated isn't enough. What's your next step? | api wrote: | There isn't one. I will continue to say this, people will | continue to ignore it, and the computing ecosystem for | the average person will continue to be locked down by | corporations that do not ignore it. Free, open, and | privacy respecting technology will remain irrelevant | outside enthusiast techie circles. | | It's a bit like climate change. Scientists will warn, | people will ignore, and then we will abandon Miami and | will probably blame the scientists. | mjmsmith wrote: | Having "tattooed on their forehead is a metaphor" | tattooed on their forehead? | Gracana wrote: | Excellent, problem solved. I was thinking somebody would | have to contribute UI changes to an open source project, | but it turns out flaming people on the internet is much | easier. | ericd wrote: | Maybe it's because Bitwarden's UX is actually quite good? 
| I found 1password's to be substantially worse when I | tried it a few years ago, especially on non-Apple | devices. Perhaps that's changed, but for something so | heavily touted for being well designed, I found it to be | very disappointing. | RHSeeger wrote: | That's my thought, too. What about BitWarden's UI do | people not like? It's simple to use and clear what | everything does. | abletonlive wrote: | I can't stand nerds that fundamentally can't learn this | nuance. It's like the biggest blind spot ever. There are | just so many of them in the tech industry working as | software engineers, which is why we have powerful tools | that are a pain in the ass to use. It makes me hate | software engineers, and I am one. | DangitBobby wrote: | Really? I use both (Bitwarden for personal, 1Password for | work) and find the UI for Bitwarden to be more complete | and consistent. Like if I want to edit a login item, I | must open a new browser tab in 1Password. Not so in | Bitwarden. I still can't figure out how to consistently | trigger the workflow to add a new login for the current | website automatically without opening a new tab in | 1Password. You click "Add Login" in Bitwarden. | desmondl wrote: | Agreed, I used lastpass in 2016 and tried to switch to | keepass. I'm more than technical enough to use keypass | and sync a vault across all my devices, but I needed this | to be as easy as possible. I know myself enough to | understand if something doesn't feel as easy as humanly | possible, I'm much less likely to use it. A decent chunk | of people are not like this, which is why I believe there | is this huge debate over "Keepass vs 1Password". But | anyway, I switched to bitwarden and the UX was more than | good enough for me. It "just works". | | I even started self hosting it this year and it continues | to "just work" - although I don't recommend it to most | people since I now have to manage a server. 
I was already | self hosting a lot of other things last year (wanted to | move away from google/apple services) so the "cost" of | self hosting Bitwarden was negligible. | | Anyway I know I rambled a lot, but just wanted to chime | in and throw in my opinion about bitwarden | gregd wrote: | Thank fuck someone said this. | | Most users don't want to tweak anything related to their | phones, tablets, computers, watches. If everything your app | does, isn't reachable within 1-3 clicks/swipes/presses, | then forget it. | | Someone suggested using two versions KeePass files...one | for shared passwords, one for not shared passwords. This is | NOT a substitute for clicking Share Password and literally | not doing anything else. | | Someone suggested storing all your passwords in the | browser. This is NOT a substitute for having all of your | passwords available at the app level on your iPhone. This | is NOT a substitute for sharing passwords with your whole | family. | | UI/UX is EVERYTHING | ChrisMarshallNY wrote: | Yup. | | I have been hearing about how X11/MOTIF will "end the | Windows/Apple hegemony" for _decades_. | | I don't know how often I've heard "X Windows is just as | good as Mac OS." | | It's like when your vegan friend keeps telling you that | "Falafel tastes just like beef." | | They have never tasted beef (or they hated the taste), so | they don't have anything to compare it to. X Windows is | GUI, written by people that hate GUI. | | What could _possibly_ go wrong? | | All that said, it's a crazy amount of money, and I really | feel that the only real work the password manager needs, | is to be rewritten in native. Electron is less-than-excellent. | | They must have some kind of strategy that goes beyond | just being a password wallet. | leokennis wrote: | Also, for some software "everyone uses" like e-mail or an | office suite, you can afford maybe some complexity or | annoyance. 
The alternative "do not use e-mail" or "do not | use an office suite" is a no go for almost anyone. | | The alternative "do not use a password manager" is | however totally common. So if you want to get someone | with limited time or affordance for annoyance (like your | wife) to use a password manager, the process of setting | it up and using it better be very smooth and | frictionless. | | 1Password is very good at that part. | Gormo wrote: | > Nerds continue to fail to grasp the value of UI/UX. | | Or perhaps nerds _do_ grasp the _negative_ value of anti-patterns in UI/UX, and _reject_ attempts to create | interfaces and usage models that remove control from the | user, create vendor lock-in, or compromise privacy and | security. | gburdell3 wrote: | I think a better way of saying this is that "nerds" (i.e. | power users, the type of people typically on HN) want | different things out of their UI/UX than the average | user. That's the beauty of having different solutions to | choose from: the power user is free to use something like | KeePass, where it's not as easy to use, but you can set | it up exactly the way you like; and the "normal" user can | go with something like 1P or LastPass for more of a "set | it and forget it" model. The average user _doesn't care | one bit_ about the things that you mentioned. | b3morales wrote: | Absolutely; this is the key to the whole thing. It's | explained at length in the classic _The Design of | Everyday Things_. Nerds v. normies are given the monikers | "Homo logicus" and "Homo normalis". The nerds value | control, understanding, and are concerned with edge | cases; they accept complexity, workarounds, and the need | for preparation as the cost. The latter prioritizes | nearly the opposite, preferring simplicity to control, | and guaranteed if partial success for the need to | understand/invest time. 
| vagrantJin wrote: | > Because 1Password is easy enough to use that my wife and I | can share a family plan | | Haha. I'm pretty sure browsers build this feature in. | a5aAqU wrote: | I don't think browsers let you share passwords between | users or multiple browsers. They probably don't let you | store secure notes or add extra data about logins. | | 1password lets you share passwords with other people, even | if they don't have a 1password account. | red_hare wrote: | I've never seen a "share with family member" feature with a | browser storing passwords. Also, this means I and all of my | family members need to use the same web browser. | | Using a 1password family plan is the only way I've been | able to wrangle my parents across their slew of iOS, macs, | Android, Windows, and Linux machines to stop typing in | passwords. | function_seven wrote: | I'm a single user who needs to have my passwords available | on my work laptop (Chrome), my own desktop (Firefox), and | my phone (Safari, iOS Apps) | | No built-in browser password manager will handle that. | | I'm sure a family with multiple users and half a dozen | devices will run into issues as well. | leokennis wrote: | This exactly. "Selling" a password manager to a non-tech | person who either uses the same password everywhere or | someone who writes weak passwords on post-its is a hard sell. | It's a lot of added complexity and more importantly, a | different way to think about passwords: you no longer know | any of your passwords, except one for the password manager | itself. | | 1Password does a pretty good job of this; as a user I do not | need to worry about syncing the database, keeping an app up | to date (the website is always up to date) etc. | TheCondor wrote: | Copy that, on the family plan, works on all the devices that | need it. We trust their shared vault technology enough. | 1password is compelling. Not sure it's a billion dollar thing | but it's good. 
| PascLeRasc wrote: | I'm using KeePassXC on my work computer and it takes around | 30 minutes of maintenance every two weeks when the browser | extension can't find the desktop app or bare functionality | like "copy password" stops working and I need to reinstall. | bradwood wrote: | I had the exact same experience... So I upgraded my wife. | npteljes wrote: | Did you try BitWarden? I haven't yet, but it's supposed to be | basically a FOSS alternative to LastPass / 1Password. | sdoering wrote: | The only downside is that I can't currently use my | privately hosted instance as passwd safe with the chrome | browser extension. This only works for the hosted version. | | So I can't have autofill, automatic saving of new/changed | passwords and password creation and also use the same vault | for the mobile app (Android). The mobile app can access the | self hosted vault without any issue. | | I would love to fully migrate to self hosted bitwarden, but | the browser extension irks me. Maybe it is possible and I | am just too dumb to find the solution. | cannonpalms wrote: | This isn't true. The browser extension (on all major | browsers) allows use of self-hosted instances. I'm using | it right now. | sdoering wrote: | I would love to know how that works. I was so not able to | select an option to enter a different vault url. | | I could only enter email and password yesterday. | mnd999 wrote: | It's a slightly hidden option on the login page. | sdoering wrote: | Thanks a lot. Found it and all worked fine in the end. | dopp0 wrote: | Saris wrote: | You can use a private instance with the chrome addon, | just set your server URL in the settings like usual. | erinnh wrote: | I don't have any Chrome browser to test, but this has | always been possible with the Firefox extension, so I'd be | surprised if it wasn't possible. | | There is a small cog in the top left side where you can | change the URL to use when you login, in case you simply | overlooked it. 
| sdoering wrote: | Will again take a look. I used Google to find a tutorial | and that dpole of said cog, but I wasn't able to find it. | erinnh wrote: | I just made this screenshot in a chrome-based browser for | you: | | Top left here: https://imgur.com/xCgrot0 | | If you click on that, the "Server URL" field is where you | want to put your private instance: | https://imgur.com/Gua3jSb | sdoering wrote: | Thanks a lot. All of you helped a lot. Must have been | blind yesterday evening. It worked. | wise0wl wrote: | Use Vaultwarden. I use that, and it works _wonderfully_. | sdoering wrote: | I use Vaultwarden as the server host. Does it have a | chrome add on as well? | remram wrote: | You can use the Bitwarden apps with Vaultwarden: | https://bitwarden.com/download/ | korantu wrote: | BitWarden works really well for me, for example. It is FOSS | and has hosted option; Has autofill plugin, android app, | nothing required much in the way of configuration. | fossuser wrote: | Yes - 1Password is excellent and in the rare class of | applications that actually ships new features that are both | unexpected _and_ useful! | codethief wrote: | > When I evaluated KeePass, the Wife-Acceptance Factor (WAF) | was not there, though maybe it's improved. | | How about you share one KeePass file for all shared passwords | and keep another one for your personal ones? KeePassDX on | Android can easily handle multiple files. I agree, it's not a | _perfect_ solution but it's rather low-tech and something | the layperson might still understand. | ssully wrote: | I use KeePass everyday and I really love it. But I would | never recommend it to a non-technical person over something | like 1Password or Bitwarden. It's a great piece of | software, but the user experience is about 15 years in the | past. | bognition wrote: | "That sounds like 1 password with extra steps!" | schleck8 wrote: | What about Bitwarden? Open source and has a free plan for two | people. 
The family plan includes one more seat than 1password | and costs 20 EUR less per year | alexdrue wrote: | Strongly agree with this one. We tend to use Bitwarden and | it helps me without any problems at all. | halostatue wrote: | My wife and I have used 1Password for years. | | I have, since the family plan was first introduced, also | gotten my aging parents on the plan (so my brother and I -- | both _far_ from where my parents live -- can assist when | required) and my brother. | | My wife has shifted from merely using 1Password to advocating | the use of password managers in general and 1Password in | specific (she had a letter read by Peter Mansbridge on his | podcast a couple of months ago where she did exactly that). | fxtentacle wrote: | I agree with you that the 1Password UI is superior. I also | didn't mean to imply that KeePassXC would be equal in every | regard. That said, feature-wise, both of them solve the same | problems for me. | | But do you believe 7000 years of work is a realistic estimate | for how much effort is needed for KeePassXC to catch up? | | I don't. | bognition wrote: | I've had the exact same experience. It took me about 5 | minutes to teach my partner how to use 1Password and its been | years since I had to help them use the app. | | I've stopped worrying about password re-use or compromise. | Now I'm teaching my kids to use it and they love it b/c they | dont have to make up or remember passwords. | | Yes there are other technically equivalent options but the | fact I can get it setup on an iOS device in seconds and trust | its used is worth every penny. | [deleted] | pier25 wrote: | > b/c they dont have to make up or remember passwords | | The same could be said about any password manager though | lolinder wrote: | Not if they can't figure out how to install it or use it. | rjzzleep wrote: | My wife uses KeepassXC and KeepassAndroid now and syncs it | with her own Dropbox. 
But yes, 1Password takes a lot less | time for people to get used to. | | But to some extent it took her compromised passwords to | finally start using everything. | rahimnathwani wrote: | F-Droid lists at least 4 Keepass-compatible password | managers (KeePassDX, KeePassDroid etc.). | | Is there one which is best for most users? | commoner wrote: | KeePassDX has its own keyboard that lets you securely | input usernames, passwords, and other fields without | exposing sensitive data to the clipboard (handy when | autofill doesn't handle the field). | | - Website: https://www.keepassdx.com | | - F-Droid: https://www.f-droid.org/packages/com.kunzisoft | .keepass.libre... | | - Source: https://github.com/Kunzisoft/KeePassDX/releases | | Another FOSS app called Keepass2Android has the same | feature, but recent versions of that app are not on | F-Droid. | rjzzleep wrote: | I tried both KeepassDX and Keepass2Android. In the end I | went with Keepass2Android. I don't remember why I chose | Keepass2Android in the end, but I can definitely | recommend it. | andrecarini wrote: | I can't vouch for the other options but I have been using | Keepass2Android (with Google Drive sync) for years now | and it does the job hassle-free. | mox1 wrote: | Agreed, Keepass file synced on Google Drive. Using this | for 4+ years now with 0 issues. Syncs across desktop | (Keeweb), Android (keepassAndroid) and ioS (StrongBox). | Takes 5-10 seconds to sync. | | Also zero need to give any application permissions to | access my Google Account. Using native google drive apps | on all services to sync the file (just using file picker | dialogs with drive app installed). | | Got my non tech parents setup on this. 0 questions asked | once I set it up. | | Also have my partner and I on the same setup...just | works. | edf13 wrote: | > How come 1Password needs the equivalent of 7750 years of $80k | annual salary to build the same? | | One of the comments on the post is that they have 600+ staff? 
| | Why?? | HikeThe46 wrote: | The individual user is extra revenue to them. Their business is | B2B. Because my company uses 1password for business I also use | it for home and they get an extra $60/year from my household | because I need to already use it for work. | chrisburgin wrote: | If your company is using 1Password Business you can get your | family account for free. https://support.1password.com/link-family/ | chaorace wrote: | It really makes me wonder what kind of conversations had to | happen to bring investors on-board. I don't want to give too | much credit to investor types, but... surely this must have | thrown up some red flags? | | Exactly what kind of moon-shot ideas did 1Password start | tossing around to get those wallets open? | nerdawson wrote: | 1Password started doing secrets management last year. I'd | imagine they'll go down the path of more business and | enterprise tools. | antupis wrote: | Yeah this I hope strategy is to use current product as top | of sale funnel and then sell business secret management + | other IAM stuff. | howdydoo wrote: | I predict we start seeing "Login with 1Password" buttons on | random websites next to the google and facebook buttons. I | also predict it never catches on. | my_usernam3 wrote: | Hmmm.... I read the headline here and was a little | perturbed. WTF does a password manager need THAT much money | for. | | However, after reading your comment, I hope this is the | direction they go. I actually really like the future where | I can have instant accounts attached to a more anonymous | backend than my social media. I'm sick of things as mundane | as my local gym asking for access to my fucking friends | list. | | Sign-up hurdles are a real thing too. I recently read that | it was a major factor to Microsoft's video gaming stream | service never taking off. 
| Ajedi32 wrote: | I'm guessing this isn't what you meant, but a password | manager that integrates with the Credential Management | API[1] would be amazing. Would simplify password management | a _lot_ if it got widespread adoption, and provide an | easier upgrade path to strong public-key authentication | using WebAuthn. | | [1]: https://developer.mozilla.org/en-US/docs/Web/API/PasswordCre... | lkbm wrote: | Based on https://www.future.1password.com/ I'm guessing it | will be closer to LastPass's auto-login. It still uses the | existing username/password form, but autofills and submits | for you. | | So a 1- or 0-click login once you hit the login form, as | opposed to the current 3-click system (see login list, | click to fill, click to submit). And looks like it also | might handle the 2fa portion (which essentially makes it | 1fa). | chaorace wrote: | That's certainly an eyecatching idea! I'd hate to be the | engineer in charge of that idea, though... how would you | even begin to drive webmaster adoption? Even with the | leverage of their massive userbases, Google/Facebook logins | are far from ubiquitous. | rattray wrote: | > how would you even begin to drive webmaster adoption? | | "If your users use 1password, they won't keep forgetting | their passwords (causing frustration and support burden) | and won't use weak passwords that result in account | takeovers (support and eng burden). Plus, you and your | users won't be beholden to the whims of fb or Google". | | Just one idea. | nathanganser wrote: | Universal login future.1password.com | moritonal wrote: | Passwords are boring, hard and important. Customers know | that, so are likely willing to spend a monthly fee to feel | safe. Critically, they're unlikely to swap to a different | provider when there's so much setup involved. | | Lot of money to make with those factors. 
| abduhl wrote: | The data that can be obtained on users by just knowing | where they choose to create logins for is also worth | immense amounts of money, without even talking about how | often they login. | jrm4 wrote: | Correct, but also a warning sign. "Boring, hard and | important" should rarely, if ever, be left to private | companies as an isolated thing. They need to somehow be | baked into the model of the other things that use it. | | It's the same reason there should be no such thing as a | "structural integrity" company separate from the building | contractor. | chaorace wrote: | Sure... but "good investment" and "good VC investment" | aren't exactly the same thing. 1Password isn't exactly | small and it's not exactly poised to explode either. | | I get that there's an untapped market of non-technical | users, but I am rather skeptical that advertising alone | will have much success in activating it -- they'd need some | innovative approach that changes the way non-technicals | approach password management. | alx__ wrote: | They're making a push into enterprise. More companies are | using them. And they're beta testing a dev secrets setup like | HashiCorp's Vault | jiveturkey wrote: | > They now need to grow at any cost | | Dude, that ship sailed at their last (and first) raise. It took | a little while for the shoe to drop, which was about 6 months | ago. | kar1181 wrote: | This was my first thought. "Oh no". | wilkommen wrote: | I use KeePassXC on my Mac and KeePassium on my iPhone and it's | so great. And it's free. It's some of the best free software | I've ever used. | torstenvl wrote: | I decided to go with Enpass instead of KeePass* but | KeePassium for iOS gets my vote. It's faster than Strongbox, | more configurable, and the developer is very responsive. 
| thewarrior wrote: | Coming soon - 1Password stories | staticassertion wrote: | The cost of a password manager is effectively 0 dollars for a | company, so if they charge "more" than others it makes no | difference. | aceazzameen wrote: | Oh no, my thoughts exactly. My wife and I were just talking | about setting up 1Password to switch from LastPass. It looks | like BitWarden might be the best option if only for longevity. | ronnier wrote: | Just switch to self hosting bitwarden. Stop using "the cloud" | as much as possible. | [deleted] | EGreg wrote: | Why is it that whenever intrinsic, usual operations of | capitalism are described (which happen 99% of the time) such | as... | | 1) whenever VCs invest in shares of a project | | 2) they tend to subsidize money-losing unit economics to | "reduce friction" resulting in attempts to lock-in people and | monetize their attention later | | 3) when the VCs later dump it on the public, the company has to | now answer to wall street shareholders and its executives are | heavily pressured to have quarterly earnings calls | | 4) they must find ways to extract rents forever because whoever | bought at the top (the majority) wants to see their shares go | higher, even at the expense of the public interest | | 5) whereas cryptocurrency could be about collective ownership, | if there is no separate shareholder class then the network | participants ARE collectively owning the means of production | (basically, textbook socialism) | | Whenever something like this is stated, anarcho-capitalists and | right wing libertarians say: | | Oh, there is NOTHING wrong with capitalism. That's not REAL | capitalism. That is corporatism / cronyism. (Some go further | and quote Mises/Say/Praxeology: "only individuals can act, | organizations can't act.") | | Then about collective ownership of the means of production / | distribution / the network they say... "That's not REAL | SOCIALISM. 
Socialism is when you use central government and | planning and has led to so much misery and famine..." | | So, a mainstream application of capitalism isn't "real" | capitalism because laissez faire capitalism doesn't require the | State. But credit unions, housing cooperatives, democratically | run universities and now cryptocurrency DAOs are not "real" | socialism because socialism requires the State? | | There is a huge double-standard here, and I would encourage | ancaps to answer the following questions: Why | not use mainstream dictionaries and encyclopedias for | definitions? Why not admit libertarian socialism | exists? Why not compare the results of democracy | vs top down ownership in organizations on both the | participants and the public good? | | Also, we can move beyond Libertarian Capitalism vs Libertarian | Socialism discussions, to simply ask how to best structure | decision making in a project. | | You can have cryptocurrency run top-down where people work on | stuff to survive, and the parent company must make profits. Or | you can remove the profit motive and have Wikipedia, open | source, science, etc. But then you'd need to subsidize people's | Maslow's needs with a UBI. | | See for example how your very news and media is affected by the | profit motive... compare something like WikiNews vs CNN and | Fox. Where are the movements to do something about it? Here is | one example I am working on myself: https://rational.app | Sohcahtoa82 wrote: | I don't see how cryptocurrency solves any of the problems. | Items 1-4 would still exist. The only difference is that the | corporations would be funded with ETH/BTC/DOGE/whatever | rather than US Dollars. | EGreg wrote: | No, not at all. It is the difference between a credit union | and a bank, a housing cooperative vs a landlord owned | building. | | To use a real world example: DisneyWorld is a city owned by | a corporation, instead of democratically run.
Because the | people who own DisneyWorld shares (shareholder class) | aren't the visitors -- the visitors buy DisneyDollars. They | are the consumer class. | | And there is also the working class (people who work in | DisneyWorld) and their employers (small capitalists) who | run a business inside DisneyWorld and pay rent. | | Disneyworld and other cities could have its own smart | economy with DisneyDollars and never have to raise money | from speculators. Think of DisneyDollars as utility tokens | and shares as security tokens for speculators. | | Here is how it works in detail: | https://intercoin.org/communities.pdf | Trias11 wrote: | >> And they'll throw their users under the bus | | You cannot really throw users under the bus in highly | competitive and lucrative space. | | It's not that difficult to export full data from 1password and | move on. | amelius wrote: | > How come 1Password needs the equivalent of 7750 years of $80k | annual salary to build the same? | | This is once again just a case of investors hoping to make a | pile of money so big they can corner a market. Sadly, they have | no idea how cornering a market works (or doesn't work) in the | case of digital products like this. | malwrar wrote: | Don't forget that this isn't used by just individuals-- | businesses use it too to share credentials for things like the | corporate Twitter account, internal systems, etc. I'm willing | to bet that further investment there could help back up that | valuation. | vidarh wrote: | Realistically their B2C accounts are a sales funnel for their | B2B. Because I was familiar with it for my own use, my | employer uses it and they make much more money that way. | | Because they also let you get free family accounts if your | company uses it, they presumably then rope in a lot of | individuals for personal use who then become incentivised to | want their next employer to use 1password too. 
| gruez wrote: | >How come 1Password needs the equivalent of 7750 years of $80k | annual salary to build the same? | | sales/marketing | waynesonfire wrote: | Good call, residential users are solid maybe they're going | after the corporation use case? | dominotw wrote: | refer to the famous dropbox comment on HN. | | 1password is just more usable for most people. | AlexandrB wrote: | They previously raised $100M in 2021[1] and in my mind the rot | has already set in. 1Password 8 is not OS-native and is an | electron app. Local vaults are no longer supported - you must | use AgileBits's cloud. And 1Password 7 shows non-dismissible | ads for upgrading to 1Password 8[2]. | | Edit: They also inexplicably (and silently) dropped support for | the 1Password iOS share sheet while directing users to the | 1Password iOS Safari extension (which only works if you use | AgileBits cloud and does not work with local vaults)[3]. | | Edit2: Missed another $200M raise in 2019[4]. That puts them at | nearly $1B in VC funding now. | | [1] https://techcrunch.com/2021/07/27/1password- | raises-100m-at-a... | | [2] | https://old.reddit.com/r/1Password/comments/qjb4l4/theres_no... | | [3] | https://old.reddit.com/r/1Password/comments/pxpdcd/ios_share... | | [4] https://techcrunch.com/2019/11/14/fourteen-years-after- | launc... | Graziano_M wrote: | I'm hanging on to 1password 6 for as long as I can. I can't | use the browser plugin on firefox anymore, so I have to | copy&paste my passwords in, but at least I have my vault | stored locally. I also paid something like $70 and had the | rug pulled from under me when they wanted to start charging | monthly on top of that. | | It's not that I expect support forever for software I paid | once for, but I think that the monthly, no local vault is | worse than what they offered in 1password 6. I am OK with | having to manually copy in passwords. | jwong_ wrote: | I am using 6, and the classic extension still works for me | on Firefox. 
It was only when they discontinued (and refused | to port) the Safari classic extension that I couldn't use | Safari anymore. | | [0]: https://support.1password.com/cs/1password-classic- | extension... | fortuna86 wrote: | Works for me on Chrome too, but not Brave (my browser of | choice). | | Are there any security concerns holding on to 1p 6.0? I | notice the mobile app still sees updates, but could there | be in theory an unpatched security hole in the desktop | app? | Graziano_M wrote: | That's part of the reason I am OK with just copying and | pasting in firefox. It keeps the desktop app isolated | from the browser. | steelstraw wrote: | They have virtually endless developer resources and aren't | building native apps?! This is insane. Not only from a | performance perspective, but more importantly from a security | standpoint. The more they rely on 3rd party code, the more | vulnerable they are. | johncalvinyoung wrote: | Basically all of the above makes me very sad. But it's still | useful enough that I'll still be paying, but they are drawing | down that goodwill. | cced wrote: | You also cannot attach pictures to ios secrets without the | new subscriptions. | 72deluxe wrote: | This is crazy. Is there any reason to learn how to write with | a speedy native toolkit anymore?? | barkingcat wrote: | "KeePassXC was still free open source and developed by | volunteers in their free time." | | This is _not_ a benefit. Within the next 2 years, be wary of a | log4j level exploit within Keepassxc. | | If a software isn't being supported by a steady source of | income, it really quickly can get behind in security and tech | debt. | | After all the discussion on here about how we can support open | source projects, why is it still a badge of honour to say that | a software has no support and is functioning on life support by | "volunteers in their free time"?
| | I'd suggest any users of KeePassXC take their money and put it | where it counts: find the organization that develops KeePassXC | and give them the $60 a year that it costs to buy a commercial | password manager like 1password. | | If KeePassXC has all the features you need, it's worth paying | them for it. | pydry wrote: | LastPass was bought for $100 million and had some security | howlers. | | "pass", on the other hand, has no funding and no security | vulnerabilities. | | I'm pretty sure it's more secure to use apps engineered with | a deliberately tight scope that aren't lavishly funded than | egged-up VC bloated monstrosities. | | You wanna bet that building in electron is gonna keep | 1password more safe? I wouldn't. The attack surface on that | thing is gonna be huge. | ahtihn wrote: | Closed source products are really well known for investing in | security and keeping tech debt to a minimum. This is why no | commercial closed source product depended on something like | log4j without thoroughly auditing it first. Oh wait... | senko wrote: | > "KeePassXC was still free open source and developed by | volunteers in their free time." | | > This is not a benefit. | | Parent never claimed this, they were questioning why 1p would | possibly need 620m for developing roughly the same value. | hogrider wrote: | Because central bank shenanigans made the whole economy a sham. | alecco wrote: | This opens a great opportunity for an open source disruptor to | scoop their paying customers. Keeping it simple. I would be | happy to throw in $100 to some crowdfunding as long as there's | at least one legit security dev onboard. No Crypto bros please. | deadbunny wrote: | Search for Bitwarden. No crowdfunding needed. | pier25 wrote: | > And they'll throw their users under the bus | | Just as they did when all the snafu with Dropbox and the switch | to a subscription based service.
| | Before the subscription service, I had spent hundreds buying | all their apps for me and my family. 1P wasn't cheap but it was | worth it. They used the users' Dropbox to host the web based | vault. Obviously one day Dropbox decided it was not ok to use | the public folders to host websites. | | It really was a shitstorm in 1P's forums and they handled it | very badly. | | 1P could have spent pennies hosting the vaults on S3 or | something but they decided to tell their paying customers to | switch to the subscription if they wanted a web based vault. | They didn't even have the decency to offer a free year to the | subscription or something. | throwaway64643 wrote: | 3 buck per month? Family sharing for 5 buck? Nah, this is the | typical bait&switch strategy (same as Netflix). It is cheap | now. But it won't be cheap in the future. | scblock wrote: | Exactly. Once you raise a bunch of VC money you've sold your | actual business to vampires. From now on it's grow at any cost. | Add bloat, feature creep, unrelated projects, cost increases, | and probably user data mining and sales on top of it. How was | their rather expensive subscription fee and large subscriber | base not sufficient to continue operating profitably? | cactusmatt wrote: | I don't know. Greed? I've been following the 1Password Saga | for a while (long time user), and how they responded to the | electron pushback seemed like they lost their initial vision | and what made them "in touch" with their users like me. | nathanganser wrote: | What was the electron pushback? Link? | cactusmatt wrote: | With 1Password 8, they shared news that they were moving | from native (mac) apps to an Electron UI/frontend with a | Rust backend. They did an AMA on Reddit, but didn't show | up for a while and got hammered by their users. 
Their | refrain, until Dave Teare showed up, was "but it will be | on Rust and the backend will be faster" and didn't | acknowledge why users might be upset with the move from | Native to Electron apps. | | https://www.reddit.com/r/1Password/comments/p2dmpt/all_ab | oar... | Spivak wrote: | I think it was a mistake to even involve the online | community. Of course nerds want you to build a high- | quality native experience on every platform because they | are heavily invested in their platform of choice. | Listening to these kinds of users at all will drive your | business to ruin. | | Honestly building on "tech stack power users hate" is | probably the easiest way to fire all your worst, most | needy, users. | upbeat_general wrote: | Reading about it now, it feels like the electron move was a | result of the VC money. With pressure to grow comes endless | A/B tests, gimmicky features, etc and having too many | different platforms means you need to split the work across | more devs. Trying to match the extra functionality _and_ | have the same look is pretty difficult as a program grows. | | That being said I hate that 1Password needs that. It's just | a password manager at the end of the day. | akerl_ wrote: | I'm amused by the large portion of the Hackernews userbase | that seems to view venture capital as an absolute evil, given | that this is YCombinator's forum. | | Can you really not think of any examples where VC capital has | improved a company, product, or service? | scblock wrote: | Viewed that way because it's the truth. It ruins everything | it touches, but makes a few rich people along the way. For | some that's the goal, but it's absolutely a net negative. | CosmicShadow wrote: | I cannot and it's widely known how they ruin thing with | example after example. I'm sure some VC has helped a few | people inadvertently along the way (although it was likely | the founders, to the chagrin of the investors, that did | anything positive). 
The VC business is to make money, no | matter how shitty they make things, by blowing them up or | letting them die, they don't care for anything else, why | would they. | | I would think most people view YC more in line with the | Angel round, which is an entirely different view point; | Angels are actual helpful people who did something on | their own to achieve success (not poser VCs) and/or are | mentors and coaches who want to give back, but it's | unfortunate that people need to go beyond angel to VC, and | the expectation from the angels is that you must or they | won't make their money. | | Just because we are on a YC forum doesn't mean we have to | suck the industry's dick. | gen220 wrote: | I don't think the problem is with capital writ large, but | rather the perverse influence of capital incentives as | applied to a personal security product. | | The value one gains from a personal security product (data | portability, availability, accessibility) is often at odds | with the interests of capital, which lean towards moat | construction and rent-seeking. Over time, in a for-profit | company, capital will always "win". Trading equity for | other peoples' cash investments only accelerates the | process. | | For an adjacent example, LastPass never took a dime of VC | money (afaict), but their structure as a for-profit company | pushed them to lock down their product and charge rents, | where they had not previously. If they had taken VC money | or went public instead, it may have delayed the inevitable, | but it only would have been a delay, not a solution. | | People in this thread are disappointed, because these | companies began their lives with a compelling, free, and | user-empowering invitation, and it is sad (although not at | all unpredictable) to see those features taken away by the | incentives of capital. I think it's understandable, and I | wouldn't read it as an indictment of VC writ large.
| moises_silva wrote: | > For an adjacent example, LastPass never took a dime of | VC money (afaict), but their structure as a for-profit | company pushed them to lock down their product and charge | rents, where they had not previously. If they had taken | VC money or went public instead, it may have delayed the | inevitable, but it only would have been a delay, not a | solution. | | I do not understand. It's a business. Why would anyone | expect important services to be free? during ramp up | there's a benefit of providing free or discounted | services while you grow, learn what users want, estimate | your own costs, etc; It was a free ride and you can enjoy | it while it lasts. Why would anyone expect a free ride to | _also_ last forever? | | In my opinion great products need a strong balance of | capital and ideals. Capital incentives unchecked by a | counter balance of leadership actually believing in the | mission of the company can lead to bad outcomes. Pure | idealism without adequate funding has another set of | problems though. | gen220 wrote: | > Why would anyone expect important services to be free? | | I think the "common person" does not see these as growth | hacks. The internet is full of things that "appear" free, | and have "appeared" free forever. | | You have x-ray vision for how these businesses work | internally, and you describe the playbook very | accurately, but most people do not have this kind of | context. | | Which makes it hard for those people to distinguish "good | people doing good work for the good of all" from the | playbook you describe. It's especially hard when the | company describes itself as the former externally. | | > Capital incentives unchecked by a counter balance of | leadership actually believing in the mission of the | company can lead to bad outcomes. | | This is true. 
As a customer, depending on the good-will | of leadership to counterbalance the influence of capital | is depending on humans, and even really good ones are | fallible and temporal. | | A for-profit company blessed with good leadership today | does not guarantee a for-profit company with good | leadership tomorrow, a year from now, and so-on. | Eventually, within the constructs of a for-profit | company, capital always wins. | | > In my opinion great products need a strong balance of | capital and ideals. | | Yep yep, value creation and openness are not mutually | exclusive, and one does not have a monopoly on the other. | | However, I'd argue that value _capture_ and openness are | mutually destructive: only one wins in the end, and the | total victory of either marks the death of a business | (i.e. something that generates profits for shareholders). | | From a consumer's point of view, once an organization | gets in the mindset of optimizing for value capture over | value creation and openness, it's time to consider moving | on. | | The paradigm-shift of software is that the victory of | openness no longer means the destruction of customer | value, because OSI-licensed software can outlive the | business. | moises_silva wrote: | > This is true. As a customer, depending on the good-will | of leadership to counterbalance the influence of capital | is depending on humans, and even really good ones are | fallible and temporal. | | Well, I dunno, you always are depending on the "good | will" of leadership. They could decide to squeeze every | cent and provide as little value as possible at any time, | whether they have venture funding or not. If your | alternative is a "non profit", look at Mozilla, plenty of | people unhappy with a lot of their decisions and users | feeling "betrayed". I don't think we can expect most | services to run as non-profits regardless. It's an | imperfect system, but is the best we've got so far. 
| | > From a consumer's point of view, once an organization | gets in the mindset of optimizing for value capture over | value creation and openness, it's time to consider moving | on. | | I'd argue this comes _after_ the IPO. When you have | millions in venture capital, is easy to keep running the | business at a loss and keep growing. When it's time to | make a profit is when things start getting hard. | | I suppose this is what some people don't like. They'd | like founders/businesses that stay small and focused on a | niche, make money but not too much and keep a good value | product running. Without looking at 1Password finances | though, even when it was a paid service, we don't know | how profitable it was, if at all, and maybe going after | enterprise customers with this new funding is the only | way to not only 'break even' and start making some good | profits. | gen220 wrote: | > you always are depending on the "good will" of | leadership | | This isn't true if the product is FOSS. The Mozilla | Company can be a disaster, but that's OK because Firefox | is OSI-licensed. It will outlive Mozilla, and one or more | community forks will appear to replace it, if needs be. | | For example, observe how https://rockylinux.org/ rose | from the ashes of RHEL/CentOS, after Red Hat were | acquired by IBM. | | The lesson is that as long as there's interest in an OSS | product, there is money to be made servicing (hosting, | bug-fixing, whatever) it. Where there is money to be made | servicing it, a business will appear to soak up the | demand. | | > I'd argue this comes after the IPO. | | I think it's purely a function of who your shareholders | are, what your unit economics are, and how much money you | have in the bank. It can happen to any stage of company. | In general, contrary to popular HN belief (not saying | it's yours), VCs prefer not to put good money after bad.
| | There are many public companies that are _not_ | relentlessly pursuing value optimization, because they | have good unit economics, and have invested in attracting | shareholders that are aligned with this idea. They are | not starved for cash, and can raise money with low- | interest loans when a growth opportunity presents itself. | | > Without looking at 1Password finances though, even when | it was a paid service, we don't know how profitable it | was, if at all, and may be going after enterprise | customers with this new funding is the only way to not | only 'break even' and start making some good profits. | | Like you say, we can't comment on 1P directly without | knowing access to their Stripe account. | | One might charitably say, their business hitherto was an | experiment to see if one could build a VC-scale business | around the problem of personal password management. The | answer is no, but they can leverage their experience | gaining that knowledge into solving a similar problem at | an enterprise scale. That's probably how the execs & | employees think, and it's a very reasonable take. | | Unfortunately, while it's optimal for long-term viability | of their business, it's not optimal for the consumer | world writ large. While 1P has bootstrapped at the | consumer's expense and benefit, building a consumer- | facing brand for themselves along the way, it is now all | downhill for the consumer from here, because they are no | longer the focus of the company. | | One can imagine a counterfactual, where they had | developed their core applications as FOSS. 1P the | business could continue to make money as 1P-enterprise, | and "the people" could take over maintenance of | 1P-consumer, if there was sufficient interest. The | valuable experience they've accrued in building their | product would continue to spin off value, instead of | slowly grinding to a halt. 
| | --- | | Don't get me wrong, if you put me in the shoes of some | exec at 1P with a fiduciary responsibility, I would do | the same thing they're doing. It's the only rational | direction. Their decision space is/has been heavily | constrained by their initial conditions (accepting VC | money, not starting with a FOSS product, etc.). If they | hit `git push` to some public remote today, they risk | losing the entire network they've been investing the last | N years in building. It's not reasonable to expect people | to make that trade. | | I guess I'm hopeful that people will observe these | outcomes, that it may influence their own decisions in | choosing the initial conditions of their own projects. | Sometimes fiduciary responsibilities contravene social | responsibilities, and the superior cure for that | circumstance, like with so many others, is prevention. | neon_electro wrote: | 1Password has been a paid product since its inception. | moises_silva wrote: | Yeah I get this, I'm a paying customer. Not overly | worried, as long as I can export and move on to another | service. I used to be a LastPass user until 2yrs ago. I | was replying to the comment about LastPass starting to | monetize users (e.g limiting the free tier functionality | even more). | AlexandrB wrote: | I think the big VC raise is often the moment that many | companies' relationship with their users goes from friendly | to adversarial. I suspect this is because the incentives | become misaligned. A bootstrapped company needs to keep its | users happy to keep the money coming in for operations and | growth. User churn is expensive at this stage. A funded | company has other options such as running at a loss to | attract new users and outpace any churn in the existing | user base. | NineStarPoint wrote: | I can think of many times where VC capital has improved a | company, in two ways. The first is in allowing a company to | scale far more quickly than it could have naturally. 
The | second is in creating connections to other companies, | essentially getting a foot in the door to convince those | connections to use the company's product. | | But rarely improved the product. At best you have a company | that does keep its soul, and continues to improve the | product as they would have on their own. Far more often, | the product and pricing structure is made worse in the long | run through VC investment. It's not necessarily VC | interference that is solely to blame, the change in size | and scope that tends to come with such investment is a | massive hurdle on its own. | | Of course, taking VC capital is almost certainly necessary | to continue to exist, given you are competing against | others who will take that capital and quickly use it to out | compete you if you do not. I just view this as unfortunate, | when I find companies that grow at a more natural speed to | generally create better products. | arepublicadoceu wrote: | > Can you really not think of any examples where VC capital | has improved a company, product, or service? | | I honestly can't, do you mind sharing a few examples to | prove your point? | | I have a long list of "stopped using because went to shit | after VC was injected" | | 1. WhatsApp and Facebook relation | | 2. Twitter and the loss of control over my feed | | 3. Spotify and the podcasts shenanigans | | 4. Dropbox and their assholery against free users | | 5. Evernote and their assholery against free user, | increasingly useless redesigns and lack of improvement on | the basics | | Etc. | absolutelymild wrote: | Twitter had a venture led Series A in July 2007 | | https://techcrunch.com/2007/07/29/more-information-on- | that-s... | mbesto wrote: | Survivor bias at its finest. | | Dropbox, Spotify, and Twitter all used VC money to | launch/improve their product. Just because you don't | specifically like the tranche of VC money that was used | prior to IPO doesn't mean _all_ VC is blood-sucking.
| | There are countless examples of products people use that | have had some form or shape. In fact, I'd argue there are | rarely apps that anyone uses here on a regular basis that | _didn't_ have some form of VC money injected into them. | The only one that comes to mind is (1) Basecamp (but | technically they took money from Bezos) and (2) Atlassian | pre IPO (now public). | [deleted] | pgwhalen wrote: | I'm confused about what the point is here. Isn't every | single one of these companies venture capital funded? | stickfigure wrote: | Were any of these companies bootstrapped? Weren't they | all investor-funded creations from the start? | addingnumbers wrote: | Isn't this $620M investment about 5,000x the amount of a | typical ycombinator investment? | caskstrength wrote: | I don't consider venture capital absolute evil (or evil at | all), but don't understand why old profitable company with | established user base needs to take such ludicrous amounts | of money from VCs. What are they planning to do to return | that investment? Grow by any means necessary and sell out | with all our data to big tech company? As a long time | 1Password user I have a bad feeling about this. | mizzao wrote: | Whatever, maybe they'll introduce some super discounted plan so | I can finally switch over from LastPass before they also | succumb to growth shittiness. | ajmurmann wrote: | 1Password, like Evernote, to me is a canonical example of an | app that's actually "done" and ideally would enter a sustain | mode. | tlogan wrote: | They are going to focus on the enterprise market. Good for them | but this also means that they will make things worse for small | businesses and personal users. Intentionally or non- | intentionally but it will happen. | | But that is nature of the beast. | [deleted] | natch wrote: | They already threw their users under the bus once by changing | to an insanely money-grabbing subscription model. But yes, | agree with everything you said.
| Semaphor wrote: | 1Password has the cloud, so maybe a better comparison would be | bitwarden, not free (to use their hosted service) but FLOSS. | Everything else stands, though ;) | lotsofpulp wrote: | The cloud part of a password manager can easily be handled by | any file sync service, which are free and indistinguishable | in quality from 1password. | paulryanrogers wrote: | Generally agree but there are important edges where that | breaks down: shared vaults, one time access, posthominis | access, etc. | a5aAqU wrote: | Maybe for technical people. | rootusrootus wrote: | Well played! It's like Dropbox all over again. | [deleted] | abeppu wrote: | But 1Password previously had the option to _not_ use their | cloud, and they deliberately killed it to push people onto | their subscription offering. So I think in the context of a | conversation about how financial conditions will force | changes which change the customer experience, I think it's | entirely fair to compare them to a non-cloud option. | dkonofalski wrote: | >they deliberately killed it to push people onto their | subscription offering | | There are things available via the Cloud version that | aren't available with local vaults and, in order to | maintain those, they decided not to put the time into | implementing those changes for local vaults. Local vault | users are less than 1% of their user base. | deadbunny wrote: | How is that not deliberately pushing people to move to a | subscription model? | dkonofalski wrote: | Parent comment said they killed it. They didn't kill it. | You can still use local vaults currently. You won't be | able to any more in newer versions because they're no | longer at feature parity. Killing it to push people to | the subscription model implies malice. | chaxor wrote: | Wouldn't KeePass + syncthing be just as ubiquitously | available, with more security? | Semaphor wrote: | Yes, especially nowadays that sync errors are not | commonplace. I use it with Nextcloud. 
But that still | requires you setting up your own thing, which is why people | like 1password and bitwarden. | the_duke wrote: | Bitwarden is free for personal accounts. | wlesieutre wrote: | Bitwarden has free hosted accounts, they just don't have all | features enabled. Most notably, you can't store attachments. | fortuna86 wrote: | I guess my offline standalone license now has its days | numbered. Sad. | [deleted] | hodgesrm wrote: | Alternative view: I'm glad to see 1Password obtain abundant | financial backing. I use 1Password personally and at my | employer. It's really good. I won't switch as long as they keep | it that way. Seems as if they have enough money to do that | regardless of what happens in the market. | | p.s., How is this really different from going public? I'm sure | they considered that option. Either way you are answerable to | investors. | xmorse wrote: | What about being profitable? If you need 620M to keep the | company alive what will happen next time? | AlexandrB wrote: | Yeah, I'm much more worried about their future now than I | was 5 years ago. Having to justify a $6B valuation for a | password manager means making risky moves into new markets | that may not pan out. If things don't go well, AgileBits | will be sold for parts. Perhaps to the same kinds of | vultures who own LastPass and TravisCI. | Aeolun wrote: | Fire all developers and rest on your laurels for many, many | years? | | But of course they can't do that because VC, right? | hodgesrm wrote: | It's not enough to be profitable (which they claimed to be | in 2021). But even if they are profitable, it's unlikely | they generate a lot of cash. For a secure future you also | want a nice pot of cash to be able to make investments and | to weather dips in the market. | [deleted] | bananapub wrote: | yikes, this is a terrible take - $620m of capital means they | are expected to become enormous and make huge returns, or go | bust trying. | hodgesrm wrote: | Not necessarily. 
Let's say you want to build aggressively | to $1B revenues with a $1B annual run rate. Let's further | say you pretty much keep expenses and revenue directly in | line, so you don't lose money but you don't gain either | while building. So, your cash reserves remain the same. As | your revenue grows, the cushion you have to deal with a | market downturn or seize unexpected opportunities declines. | Having a cash cushion up front solves this problem. | | I don't have any special insight into 1Password's strategy. | But I run a company that is essentially bootstrapped and | what I described is exactly how we think of cash reserves. | In the bootstrapped case, there's a basic math problem that | to maintain a constant runway while growing rapidly you | must be cash flow positive by an increasing percentage as | time goes on. Perhaps 1Password is just looking to protect | a long runway that will get them to IPO. | dahfizz wrote: | 1Password is like 15 or 16 years old at this point, right? | The fact that they still need "financial backing" after all | that time is extra alarming, IMO. They have raised nearly $1B | in VC money! | | This has come with all the expected side effects. No local | vaults, electron apps, forced subscription payments, etc etc. | More VC money makes for a worse customer experience, almost | universally. | | > How is this really different from going public? | | Venture Capitalists are not like the general public. People | trading public stocks value fundamentals - a good product | that generates _profit_, _steady_ growth, etc. VCs want | cancerous, explosive growth and are willing to take the risk | that the pursuit of cancerous growth kills the company. | hodgesrm wrote: | People who own public shares value return on investment, | which in today's market is only loosely coupled with | fundamentals in many cases. It's hard to explain the value | of a lot of public tech companies any other way. Rivian | (RIVN) is exhibit A.
| loeg wrote: | This isn't sustainable financing -- it's growth financing | that they will eventually need profitability to make good on | the investment (or drive them into the ground). I also use | 1password at work and home, and I'd rather they figure out | how to operate profitably without the VC-necessitated | hypergrowth. | [deleted] | songshu wrote: | Question for consumer users of this service who are also Apple | users -- how does it compare to Apple's password management? | partiallypro wrote: | I have as of yet been able to find a password manager I actually | enjoy and doesn't have its share of problems. LastPass, 1Pass, | NordPass, Enpass, KeePass...all of them fall short or feel | slow/buggy or have poor integrations. | hda111 wrote: | I can't trust 1Password when everything is stored in cloud. | 88 wrote: | Presumably a stepping stone on the way to 1Password being | acquired by a major tech company, e.g. Microsoft, Google, or | Apple? | chriscjcj wrote: | Used 1Password for years and years. Being forced to have my | password database leave my control and be hosted by a third | party, AND pay a subscription fee for the privilege was a bridge | too far. | | I now have a vault-warden docker running on my Synology NAS at | home. I have Bitwarden running on my computers and mobile | devices. I have no ports open to my NAS. I'm using a UDMpro | router and have an L2TP VPN configured. This allows me remote | access. I pay nothing and I'm in complete control of my password | data. This has turned out to be a wonderful setup and I'm very | grateful that it's possible. | Croftengea wrote: | They will probably go Dropbox route. Dropbox used to be an | excellent file sync cloud service with a robust support on many | platforms. They did just one thing and did it well. 
Now Dropbox | is positioning themselves as business-team-collaboration- | streamlining-platform for everything whose software is balancing | between poorly programmed malware and useless enterprise | bloatware. | worldsayshi wrote: | This makes me think that the real problem here is vendor lock | in. If users didn't feel such a reluctance to switch between | services then there wouldn't be such an incentive to bloat | existing services rather than just building it somewhere else. | manmal wrote: | Apart from lock-in, first mover advantage is a big one too. | Humans don't like change, so they stick with services as long | as switching provides no big benefits. | | My small company has stayed with our initial bank even though | we were quite unhappy with it a couple of times. They didn't | rock the boat too hard, so we've been with them for 8 years | already - even though I was _this_ close to quitting | sometimes. | tinyhouse wrote: | Did they have a choice? Companies like Google and Microsoft | provide a package of file sync cloud service bundled with many | other services, for the same or lower price. Most | people/companies would find that a better deal. | Croftengea wrote: | No they probably didn't, because by getting almost 2B$ in | funding they forced themselves to compete with MS and the | likes. | elteto wrote: | I forget... didn't Steve Jobs tell them something akin to | "your product is just a feature"? Looks like Jobs was right. | christkv wrote: | This makes me want to consider switching away as they now will | have to monetize so who knows how they will mess with me in the | future. Any options out there that supports the same range of | clients and are privately held ? | mrkentutbabi wrote: | I think if they use this for R&D more into security, I wouldn't | mind. It will be better for consumer overall. | | Password manager is still hard to use for the elderly and | technically non-savvy people. | ChrisMarshallNY wrote: | Good on 'em.
| | I've used 1Password for years. | | It would be nice to say goodbye to Electron, though... | [deleted] | lekevicius wrote: | Just makes it more clear: this is no longer a product for "us". | yokoprime wrote: | Ok, care to explain your viewpoint further? | SllX wrote: | 1Password is a SaaS utility that provides a tool for | generating and storing login info and other sensitive | information. | | To me; that's immensely valuable, but it's solved for most by | a combination of just using the same passwords or, on | iPhones, iCloud Keychain. | | Now some folks have dumped the better half of a billion into | a tool I pay about $35/year for and is basically feature | complete. They'll want a return on their investment. How do | you expect 1Password will give it to them? | shiftingleft wrote: | > but it's solved for most by a combination of just using | the same passwords | | That's not what I'd call a "solution" | SllX wrote: | Neither would I but they do it anyway. I'll convince | anyone I can to just pull the trigger on 1Password, but | not many do. | lotsofpulp wrote: | Because the need to meet ROI always leads to selling data. | edoceo wrote: | Doesn't always lead to that but...now that the company has | these investors who demand returns the company no longer | has alignment with the customer. The needs of the customer | and the needs of the investors are in direct opposition. | Karunamon wrote: | Only Sith deal in absolute slippery slope fallacies. | Besides, this is a paid product with steady MRR, there's | plenty of growth to be had without compromising the | product. The recent integration with Fastmail for one-click | creation of disposable addresses is a great example. | kfarr wrote: | Raising hundreds of millions of dollars for a built, | profitable product with a tight scope and millions of users | usually means the product scope will increase as part of | their new remit to drive shareholder return. 
If people liked | the existing tightly scoped product, and for password | management simpler is better for many users, this investment | indicates the product will necessarily move away from the | existing use cases as a condition of accepting the funds. | qqqturing1 wrote: | They will probably invest in business integration/sales. | TBH we need more password management in this world and not | less. Increasing scope in enterprise domain means reaching | users who would otherwise just use Post-its for the | passwords. | jerf wrote: | I think lotsofpulp is on to something, but the other major | possible answer that comes to mind is moving more into the | enterprise space. If that happens, it'll no longer be for | "us" because if they succeed, they'll inevitably make much | more money in that space and be all but forced to pivot | harder into it. That'd be much less of a betrayal than | selling more data, but it would still mean that slowly but | surely it would simply focus less and less on single user | concerns. | | IMHO it isn't _intrinsically_ impossible to serve both | enterprise and single customers, but the business people will | always be internally grumbling about the slight additional | expense that doesn't have a good ROI vs improving their | enterprise product, and the marketing team will want every | other screen to be an ad to upgrade to enterprise which | discriminating users will rapidly get tired of. It'd take | strong and even a bit quirky executive leadership to overcome | those issues. Not impossibly strong, but strong. | | Edit: Also, they don't have the option of slathering their | app with generalized ads. Running ads in the context of a | password manager would be insane and lose all their thought- | leader users in a heartbeat, permanently. So that door is not | open to them. | samcat116 wrote: | Who is us? | dspillett wrote: | Everyone not part of the set who have just invested | $620,000,000 between them.
| | Which probably means the vast majority of their users have | essentially been regraded to "product". | schnebbau wrote: | Nerds. | squiggy22 wrote: | Auth0 acquires 1Password. Problem solved. | Sytten wrote: | I will still recommend 1Password over Bitwarden to non-tech | people because their whole UX journey is so well crafted that | even my parents can understand it on their own. The valuation is | most likely based on that and the potential growth in that | market. | | I use and pay for Bitwarden but even I always get lost in the | clunky UI and get frustrated by basic tasks (to a point I am | considering switching). And it only gets worse when you have | multiple teams and all the secrets are mixed up. | studmuffin650 wrote: | Seems like a lot of people are missing the piece as to probably | why they need the money (and where they're pointing the company | in the future). Future of 1Password: | https://www.future.1password.com/ | aniforprez wrote: | I'm actually surprised by all the reactionary comments here | with almost no research. 1Password already has integrations | with Fastmail and Privacy and have launched a Secrets | Automation[0] offering. I'm assuming this money does go | partially into the password manager (which they say has always | been profitable) but I think the money would actually go into | ancillary services for competitors to Vault or Okta for | authentication and secrets. Of course, it's not unfounded that | as consumers we'd be concerned about the effect this might have | on the base product but they've been pretty open about their | ambitions since the first funding round a couple of years ago | | [0] https://1password.com/secrets/ | matheweis wrote: | Two major reasons for the backlash: | | 1: 1Password _already_ backhanded users once for business | reasons. They used to be a nice, local password manager that | synced with dropbox or your choice of filesystem.
Then they | added cloud support and used dark patterns to force adoption | of a subscription based cloud service while making the local | version harder and harder to use. At some point I gave up, | I'm not even sure it's possible to use locally anymore. It | might be that the marginal utility is worth it, but forcing | my hand also broke my trust | | 2: This is now the path of the majority of American | corporations, most especially high growth vc funded; make | something awesome, grow, extract profits, die. It doesn't | really matter whether it's burritos or password managers, | we've seen this pattern one too many times. | neon_electro wrote: | It's still possible to use it locally in v7; v8 will no | longer allow it. | | The brand damage has been done regardless. | chasedehan wrote: | True. I'm reading this as an attempt to move into the | enterprise auth space (e.g. Okta). | PragmaticPulp wrote: | > I'm actually surprised by all the reactionary comments here | with almost no research. | | On the contrary, many of us are already experiencing the paid | SaaS squeeze from 1Password long before this fundraising. | | It doesn't matter what they claim to need the money for. The | company and product already declined from a great standalone | option to a forced SaaS subscription payment with the self- | hosted options removed. There's no way I'm buying the story | that they're raising more money _without_ a goal of squeezing | more money from their customers, nor will I believe that | they're only going to get this profit from other customers | while ignoring the consumer space. | | In the real world, companies don't actually segment up their | product offerings and operate them as separate businesses | with separate profitability goals. It's all one big product | mix and they'll be squeezing money out of everything, | wherever they can find it. | jordanpg wrote: | This. Where is the nuance and slow thinking, folks? 
| | I don't know much about much, but I do know that the far | future of computing isn't going to involve people memorizing | and typing complicated passwords, or using finicky password | managers. There is massive potential for growth and vision in | this space. | neon_electro wrote: | The conversation about 1Password's corporate direction and | the impact on its products, users and the "ecosystem" they | appear to care so much about has been going on for months | if not years before today. There's been plenty of time for | slow thinking. | | I say this as a 1Password subscriber and user of its | products going back all the way to 1Password 3. | ballenf wrote: | Looks like they're aiming to become a cloud-based active | directory, abstracting away authentication to a higher level | single identity. | | They want to become something like a Passport for users across | the web. | | If they can do this, it will be huge. But hopefully I'm not | alone in hating this direction and see tracking individual | identities as a small price to pay to protect freedoms. | otterley wrote: | Microsoft tried this over 20 years ago, even calling it | Microsoft Passport and offering it free of charge, and it | failed miserably: | https://news.microsoft.com/2001/08/12/microsoft-passport- | bri... | Karunamon wrote: | There's such a thing as being _too_ ahead of the game. 20 | years ago is an eternity in tech; there's nothing to say | it might not work now. | [deleted] | btown wrote: | People thinking this is an absurd amount of money are sleeping on | how 1Password is quietly positioning itself to become _the_ | ground truth storage solution for corporate secret management, | across devops and non-technical groups alike. | | Given Hashicorp's market cap of 11B, and 1Password's narrative on | how to become even _more_ central to corporate use cases by being | the storage layer for Vault deployments, it's a very reasonable | leap for them to make!
| | https://1password.com/secrets/ | | https://1password.com/secrets/integrations/ | | https://1password.com/enterprise-password-manager/ | kmac_ wrote: | Well, Hashicorp stands on _many_ legs and they don't have much | competition in many areas as their solutions are pretty | unique... | rco8786 wrote: | Their solutions are unique but the problems they are solving | are not, they are in direct overlap with where 1P is going. | bradwood wrote: | Cue 1P - Hashicorp merger conversation | sleepybrett wrote: | I've watched three different teams fail to get vault up and | running in any kind of a sustainable way. If they could | solve that problem and add a desktop client they could | crush 1password in this space. Probably wouldn't hurt that | tons of software engineers are absolutely pissed at their | moves in the consumer space recently. | ma2011ma wrote: | sleepybrett; which three are you talking about? and how? | Spooky23 wrote: | Enterprise stuff is slowly moving away from the use cases that | require solutions like 1Password, and since they are neither | FIPS 140-2 validated or have FedRAMP ATOs, they have a lot of | work to do. | | They also have the issue of all of the crypto nerds going nuts | when they start getting their FIPS stuff done. | hn_throwaway_99 wrote: | It's still hard for me to fathom this valuation. For example, | all the major clouds (AWS, GCP, Azure) have a Secrets Manager | as simply one feature. I looked into 1Password secrets when | they announced it but couldn't find any reason to use it over a | cloud Secrets Manager. | mdaniel wrote: | For the same reason one might choose Hashicorp Vault versus | the major cloud: cross-cloud, likely a richer feature set, | almost certainly faster release cycles, and (for AWS | specifically) no stupid "pay per request" billing to try and | reason about. I'd guess it can make local development | scenarios better, too | theptip wrote: | I think you are on the money here.
I hadn't spotted this but | they have a k8s plugin for example: | | https://github.com/1Password/onepassword-operator | | This solves the "restart pods when my secret is updated" issue | which suggests to me that they are not just paying lip service | with these integrations. | Fiahil wrote: | They probably should merge with https://github.com/external- | secrets/kubernetes-external-secr... | kolbe wrote: | I don't think anyone here is calling it a bad investment for | the investors. We're calling it a bad event for the users. | Matl wrote: | They have been doing some pretty unfriendly moves towards their | long-term customers, like making sure the new 1Password cannot | be used without 'the cloud' like the old one could be. | | I have no doubt raising more VC money will only accelerate such | trends. | | In fact I've decided to move off of 1Password to BitWarden, | since at least one can realistically self-host it. That being | said, it's not exactly easy to migrate from the latest | 1Password so I wrote my own little utility to do it[1]. | | I think we need more competition to VC backed products in | general, just imagine what would happen if the building blocks | of say a GNU/Linux system we take for granted today would've | been built with the mindset that investors are going to want a | return on their investment. | | I am not saying there's anything wrong with that in principle, | but am not sure I want to surrender my passwords to these kinds | of incentives. | | 1 - https://github.com/MatejLach/1password-linux-to-bitwarden | 2muchcoffeeman wrote: | Yeah I don't know how to feel about this. I still have a | license that allows me to use it with a local vault. | | But I really want to get the family subscription. The Premium | BitWarden plan is much cheaper than 1Password but the | Family plan doesn't get you as much of a discount and my | parents are on iPhones.
| | Edit: Dave Teare, the 1Password guy claims that when they | were still offering standalone licences in 2018, people | picked subscriptions over perpetual licences at more than a | 30:1 ratio. Of course, they only showed the monthly price vs | the perpetual price. But I'd hope people understand what | subscription means. | Groxx wrote: | Given how _extremely_ hidden they've made the perpetual | license option, I'm honestly surprised it's 30:1. That | seems to be a sign of "people want this bad enough that | they go hunting for it for quite a while". | 2muchcoffeeman wrote: | No, they are picking subscriptions 30 times more than | licenses. | | When they first did this it wasn't hidden at all. The | website gave you 2 options side by side. | dsissitka wrote: | Are you sure? It looks like the license option was hidden | almost immediately. | | https://web.archive.org/web/20160915083507/https://1passw | ord... | Groxx wrote: | It was hidden in both the website and the app almost | immediately, yeah. Announced in/near August, and your | link shows it in September: | https://www.windowscentral.com/1password-launches- | subscripti... | | I remember noticing the announcement of subscriptions | (possibly a couple weeks after it happened), being | concerned it'd spell the end for dropbox sync so I | checked it out ASAP, and then discovering my fears were | _mostly_ justified - it still existed (and remained | around for a couple years), but it was shoved waaaay off | into a corner. E.g. in the next subscription-oriented | version of the apps, unless you attached a synced file | FIRST, the option for dropbox syncing or standalone | licenses _was never available_. The official instructions | for fixing this were to reinstall the app from scratch | and attach to the file first, before signing in.
| | Notice that only a few months later, the standalone | license mention at the bottom of the page isn't even | there any more: https://web.archive.org/web/2017021511594 | 5/https://1password... | | Super hostile behavior, right out the gate. It was clear | they were going all-in on subscriptions. | Groxx wrote: | That's how I intended it, yeah. I'm surprised it's even | over 1% of people choosing the standalone license. | clairity wrote: | does anyone know definitively which is the last 1password | version that doesn't _require_ cloud? some folks are saying | it's v6 but i have 7.8.7, and everything seems to be | working fine, as far as i can tell. i still use local | vaults and dropbox syncing to my ios devices without issue. | 2muchcoffeeman wrote: | The last time they offered stand-alone licenses was | 1Password 7 in 2018. Not that long ago. But they seem to | have made it harder and harder to get at the local vault | settings. | | Version 8 will only be subscription based. | clairity wrote: | so ixnay to version 8 then. are you for sure that there's | no version 7 point upgrade that's broken like that? | | my original license was 1password 3 (teams edition or | something like that?) i believe, which i'd been upgrading | all along. too bad they'll lose all this recurring | revenue, even if it's not strictly as uniform and regular | as subscriptions. | 2muchcoffeeman wrote: | No I'm not. But version 7.8.7 is not that old. | | Previously it was one license per user per platform. I've | bought 1Password at least 3 times and pointed them to the | same vault. Can't remember if they had paid upgrades. | | If you are not inclined to host your own server, it | really doesn't seem clear to me to migrate away. Only the | single and 2 user free licence and the single premium | license for bitwarden is a clear winner. For families | it's not much cheaper. | | I'm not even opposed to paying. I've bought 1P a few | times. And I'd pay for another service.
I think it's the | fact that they are forcing the choice that gives me a bad | taste in my mouth. But this is irrational if my 2nd | choice is to pay bitwarden a similar amount of money for | a family subscription. | alanh wrote: | Definitively: v7 works with stand-alone / non agilebits- | synced databases; v8 will not. (I think v8 is out for | Windows but not yet Mac.) | | I am a long-time 1Password user who recently made the | leap to their hosted service. 1Password remains best-in- | class for me and has a terrific security record, | especially compared to their peers. While I too lament | the everything-is-a-subscription-now trend, I remain a | strong supporter and avid fan of 1Password. | | The latest integrations offered, for browsers and for | e.g. Fastmail masked email address generation [1], only | work with the cloud offering. I am happy to report that | these latest offerings are fantastic and have tremendous | UX. | | [1]: https://www.fastmail.com/1password/ | mdaniel wrote: | I would bet their Privacy.com integration is also | v8/cloud only: https://blog.1password.com/privacy- | virtual-cards/ | drtz wrote: | Long-term 1Password customer here, no affiliation with | 1Password or AgileBits. | | > They have been doing some pretty unfriendly moves towards | their long-term customers | | From my point of view this was not hostile at all: I used | 1Password with Dropbox sync for years and absolutely loved it | as a personal password manager _for myself_. But sharing of | passwords with family was a real pain. I gleefully signed up | for cloud-hosted 1Password Families at launch and haven't had | a bit of regret. Of all the subscription services I use, at | $4/mo 1Password is easily the best bang for the buck. | | For sharing, it's just sooo much easier than trying to use | Dropbox: I can invite family members just by entering their | email address and 1Password walks them through the setup.
I | can create new vaults with the click of a button and easily | select who I want to share them with. I can revoke access to | members just as easily. I don't have to have a Dropbox account | and I don't have to wonder about whether I've set the right | permissions on my vault files or whether my free Dropbox | quota has been reached. I don't have to share _my_ vault keys | and passwords with someone else to give them access to a | vault. I can still export and back up an encrypted vault | whenever and however I want. | | It's no accident that all of these features are the same ones | that make their product so attractive to businesses as well: | ease of access and sharing are both essential for adoption by | businesses. | | One more note: I still have my old standalone licenses and | can still go back to 1Password 4/6 with Dropbox sync any time | I want and not pay another dime, as 1Password still has links | to download the older versions on their website: | https://1password.com/downloads/mac/ | markdown wrote: | > They have been doing some pretty unfriendly moves towards | their long-term customers, like making sure the new 1Password | cannot be used without 'the cloud' like the old one could be. | | Despite disliking being forced into a subscription system, I | gave it a go. Turns out I'm not smart enough to understand | their cloud user interface. Was just so confusing. | | I switched to Bitwarden. | Groxx wrote: | This is exactly why I've switched from strongly recommending | them, to strongly recommending against them. Plus their cloud | security UX is _horrendously_ confusing for everyone I've | showed it to. | | Whoever is driving their cloud push has probably made the | most profitable business decision, but has absolutely no idea | how to make a sane product. | [deleted] | slenk wrote: | Yeah I have been slowly trying to push away from 1pass as | our corporate secrets overlord.
1pass is marketing towards | business but screwing over their original community | mrkramer wrote: | >People thinking this is an absurd amount of money | | Yea it is absurd compared to how much money Google and Facebook | raised back in the day. | beaned wrote: | The money isn't worth nearly as much as it was then. | drdaeman wrote: | To be honest, I've just started using that (just set up a | brand-new infra, started to provision users and thought it's a | good idea to hook it up to a good password manager) and I found | their Secrets Automation is (IMHO) barely usable for now. One | can create most basic records but that's about it. I realize | they don't owe me anything, but - honestly - just from the | notoriety of the brand I've had higher expectations. | | I hope that's just because they don't have enough people and | currently their efforts are stretched quite thin. $620M is huge | amount of money, so hopefully they get new hires and would be | able to deliver. | 0xbadcafebee wrote: | It's a leap people make. I wouldn't call it reasonable. There | is no way Hashicorp generates 11 billion worth of value. The | only reason they get so much cash is the big players are | inflating value so they can gobble up as much cash as they can | before the market comes to its senses and everything comes | crashing down like in 2008. | [deleted] | koboll wrote: | Pretty typical for people here to be zoomed-in on the b2c side | of a business because that's what they use, and fail to see the | b2b side, the underwater mass of the iceberg. | quickthrower2 wrote: | I was going to say something about "just use pgp and rsync" | jrockway wrote: | I think it's a little weird. I have used 1password at two | jobs, and thought it was great, so I bought it for myself. | They want money to sync my passwords between my Windows | desktop and my iPhone. Seems reasonable to me. I program | computers for a living and people pay me. 
| | I guess there was a free self-hosted type thing at one point | in the past? That was before I ever heard of the product, so | I'm not that upset that it's no longer advertised heavily or | whatever. | | I do have one complaint. They do have k8s secret management, | which I would like to use for my personal cluster, but it's | just too expensive for that. Very weird to show it in the UI | and then when you try to use it, quote you an insanely high | price. (I just use sealed-secrets instead. If my cluster | blows up, it will be a very irritating weekend rotating all | the secrets. But good to do, so meh.) | ubalatte wrote: | "Very weird to show it in the UI and then when you try to | use it, quote you an insanely high price." | | How much did they quote? (if you're able to share) | highwind wrote: | I used to use 1Password when they just sold the application | at a fixed price and I handle all the synchronization | between machines. That option is no longer available. I'm | one of the users who left because of this. | cj wrote: | They used to offer synchronization via Dropbox. Is that | still an option? | jtbayly wrote: | Yeah, well, it sucks to pay for an app that is perfect and | then have them ruin it because of their b2b aspirations. And | raising money like this is just another link in the chain | pulling them down into the pit of insanity that ruins the | most-beloved password manager ever. | drtz wrote: | There's a chance that a push toward enterprise may even | result in a feature a lot of us more savvy individual | customers would love to see as well: self-hosting. | wlesieutre wrote: | I think people can _see_ that this is targeting businesses, | but they're not _happy_ about that because they're non- | business customers. | | It doesn't bode well for the future direction of what has up | to now been a good consumer-focused product.
| | Like how Dropbox has gone from "a folder that synchronizes | your files" to "an electron app for having discussion threads | about files" because that's what business customers want. | vram22 wrote: | yccs27 wrote: | Hopefully the consumer marketshare has some influence on | business decisions, which might make it worthwhile for them | to keep non-business customers. This kind of strategy | certainly works for some professional software, which is | often even free for students. | halostatue wrote: | Count on it. | | Unlike many _other_ product companies, they all dogfood | their own code. Also, IIRC all members of a team account | are given a family account for their own use (you'd | obviously have to convert if you separate from the | company), so they are building for _people_. | wlesieutre wrote: | I suspect 1Password sees features like iCloud Keychain | coming and is trying to grow into other markets because a | "good enough" built-in password manager will | significantly decrease their value proposition in the | consumer space. | | Not great if you like their product as a consumer, but | 1Password's biggest feature differentiator right now is | better family sharing than iOS provides. That could | easily change in a future iOS version, and then it's | suddenly a lot harder for 1Password to grow by selling a | $60/year password manager subscription. | | Enterprise features on the other hand, that's not | something that OS vendors are likely to ship. | | While I don't like the newer versions of Dropbox as much | as the old ones, I can understand how pressure from | iCloud and OneDrive pushed them toward enterprise | features over consumer users. | alanh wrote: | I think this underscores some (but not all!)
of the negative | reaction to "Zendesk plans to buy (the company behind) | SurveyMonkey" -- the latter of which has developed | significant revenue streams from specific B2B products | rekoil wrote: | Great, maybe now they'll be able to afford native apps instead of | Electron... | napier wrote: | A password manager utility? Are we at peak VC profligacy yet? | vijaybritto wrote: | How will a password storage service make enough money to justify | this mind-blowing valuation? Is selling to a bigger company their | only goal now? | msoad wrote: | 1Password will go to the path of LogMeIn, Okta and OneLogin. | Holding corporations literally by their neck (login) can generate | *a lot of money* | dandellion wrote: | As a paying customer I can only say that the last thing I want | from my password manager is for it to push the envelope and | explore any boundaries. | mkoubaa wrote: | Maybe with that kind of capital they can afford to fix OAUTH now? | xyzzy_plugh wrote: | Congratulations to all the folks at 1PW! It's been a slog. | | I'm very bullish on 1Password. They are the only product that I | can use across my entire family and workplace with such little | hand holding. | | While they've pretty much solved the consumer front, there is | much to be done to solve the needs of businesses. For example, | right now if an employee leaves, we have to rotate everything | they had access to. Their SSO support and API are pretty new, but | historically managing vaults and users has been a pain. They're | making steady progress. | | I'm excited to see what comes next. | nunez wrote: | Here's to hoping that 1Pass IPOs instead of going for acquisition | (which would be awful; see also: LastPass). | crate_barre wrote: | Anyone have any insight on how a company like this would even use | $620m? | staticassertion wrote: | 1. Expanding into new markets.
"Secrets management" is not easy | - 1Password is currently handling it for humans but they intend | to handle it for services as well, likely competing with Vault. | | They could launch a full identity provider like Okta. | | 2. Perhaps managing other authentication methods. Passwords are | dying, especially with webauthn, so it makes sense to take on | some money to explore how to be a player in that space. | | They could compete with Duo, for example, and start offering a | 2FA service. | | Basically, I expect that the vast majority of this money will | not be going towards the 1Password that you use today but | instead towards breaking into new markets. Given the size, | probably new markets that are somewhat established already. | [deleted] | bombcar wrote: | I predict the way and death of all "cloud companies" that start | out doing one thing well; they'll add features and document | sharing and what not until it becomes an unholy mixture of | Dropbox et al trying to "compete" with Office 365 for some | reason. | syntheticnature wrote: | So... Dropbox, then? | syntheticnature wrote: | Advertising is what came to mind. | thibaut_barrere wrote: | Today 1password is largely a product for tech people. Nobody | around me outside tech circles is using a password manager, at | all. They have the whole world to conquer! | | I can envision them (sadly) bought by a larger actor in a few | years, at a huge valuation. | ThePadawan wrote: | That's funny, I only know 1password as that enterprise | password manager that no nerds use, only normal people that | work for not completely tech-unsavvy companies. | | I don't know anyone that uses 1password privately. | edoceo wrote: | Everyone else (ie: non-HN-sapiens) is using the built-in | password manager in the dominant browser (Chrome). | dogma1138 wrote: | Given how many iOS users are out there I don't think that's | accurate, and I'm pretty sure Android has that feature too.
| | You'll be surprised how many people don't use a traditional | computer anymore for most of their "computer time". | | And those who do still use a 'PC' probably mainly use Chrome | or any other browser with a password manager. | | The reality is that for most uses a dedicated PM simply | isn't necessary. | darkwizard42 wrote: | Looks like a large focus will be on corporate users but also on | R&D on the next gen side of password management | (https://www.future.1password.com/) | | It doesn't explicitly say enterprise all over that, but I | expect it to be that way, only place you can get that sort of | return on investment | dbbk wrote: | It doesn't need that much R&D... Apple are already building | out iCloud Passkeys | | https://www.macrumors.com/2021/06/10/apple-icloud- | keychain-p... | WORMS_EAT_WORMS wrote: | This on the surface seems like a ton of money... but I don't know | anything about this level of funding / valuations so who knows. | | I love 1Password and use it for business and for personal. I | recommend it to family and have migrated many people to a more | secure setup as happy paying customers. Shared vaults for | families are so important for emergencies. | | It's expensive though. | | It doesn't provide a quick way to share a URL with a client that | isn't a PITA. | | The interface could be prettier and make more sense. Like why is | the "new" button almost a secret location and barely visible. | | Enabling two-factor with it is the absolute BEST but was buggy | setting up. No simple iOS integration either. | | There haven't been any super "major" updates in like 2 years to | functionality (despite what blog boasts) | | List goes on but it's the best for now. | | I can't justify paying more. So hopefully their huge funding plan | isn't to squeeze little folk and is more for big business. | | If Apple just went a little bit further with its manager (or even | Google) I'd probably jump ship.
| bombcar wrote: | `But we don't just want to keep up; our goal is to push the | envelope and explore beyond the boundaries of traditional | password management.` | | Hmmm, sounds like the time to migrate may be sooner than I'd | hoped. | cstross wrote: | Sounds like they've noticed both macOS and Windows getting | integrated cloud-based password management capabilities and | feel the need to branch out in order to stay one jump ahead of | irrelevance. | | (Disclaimer: I'm a satisfied 1Password customer. Just noting | that their competitive edge is wearing razor-thin these days.) | hcurtiss wrote: | Agreed. And with Edge/Authenticator, it's cross-platform as | well (Windows, MacOS, Android, iOS), and as of recently, it's | close to feature parity. We dropped our Lastpass | subscription. It's probably families like ours that have | 1Password worried. | loceng wrote: | So what's the pitch to the investors then - they'd arguably | need to disclose this possibility? Or is this next level of | pumping up before dumping on public market via IPO? | theturtletalks wrote: | I long hoped Apple would buy out 1Password and include it in | their iCloud+ subscription. | howinteresting wrote: | As a 1password user on Linux, Mac, Chrome, Firefox, and | Android, dear god I hope that doesn't happen. | cianmm wrote: | There were [rumours of exactly | that](https://9to5mac.com/2018/07/10/apple-not- | buying-1password/) a few years ago | rdtwo wrote: | I wish the Apple password manager worked cross platform. | daggersandscars wrote: | Apple provides a plug-in for Chrome to allow use of your | stored passwords on Windows. Announced last year. I've | tried it on Windows, appears to work, but do not know how | secure it is. | | --- Edited to remove references to Linux. Appears to be | Windows only. | ksec wrote: | Yes. But you can't even use those passwords on _Mac_ when | you are using Firefox or Chrome. | tonyedgecombe wrote: | It seemed quite buggy when I tried it.
| raydev wrote: | Given Apple's track record with other web-related | services on non-Apple platforms, don't expect it to | improve much or at all. | raydev wrote: | They would've immediately halted cross-platform support or | at least severely limited it due to | institutional/organizational issues. Any 1Password | subscriber not using an iPhone would soon be unhappy. | theturtletalks wrote: | Although this could happen, I think it's unlikely. Apple | knows it's a services company as much as a hardware | company now. If you look at their existing services, they | are not excluding non-Apple users. | | - Apple Music has a web UI and Android app | | - FaceTime recently added 3rd party links allowing non- | Apple users to join calls | | - Keychain is being made compatible with Windows Chrome | | It's clear from raising this much money that 1P owners | are doing a "private IPO" or adding more products and | features. If it's a cash out, wouldn't you want a privacy | focused company to buy it instead of VCs funding it and | expecting a return? If they are building new features and | products, Apple buying it could bankroll that and temper | price spikes. | raydev wrote: | > Apple Music has a web UI and Android app | | This is exactly what I'm referring to. I put up with | Apple's website for more than a year as my primary | casual-use computer became a Windows PC. | | I work on iOS apps for a living. App Store Connect has | always been terrible. Bugs linger for years. Elements | continue to break in unexpected ways. The place where | developers receive feedback from Apple is still hard to | find even though it's immensely important. The website | received a major redesign a few years ago and the bugs | were still there! | | Now apply that lack of care to a music website. Being | forced to login daily. Asked to perform 2FA daily, so I | need to keep my iPhone near me if I expect to play music. 
| Songs inexplicably not playing, if play fails repeatedly, | maybe a page refresh will work. Songs inexplicably only | playing previews, forcing you to log out and log back in. | Zero effort to restore your previous searches. | | Apple makes _attempts_ at providing services on the web. | But for those of us attempting to use those services, the | experience varies from subpar to outright hostile. | | > Keychain is being made compatible with Windows Chrome | | Again, see how people review this in this very thread. | | --- | | Simply providing the service does not mean it's good. | That's what I mean by "institutional" and | "organizational". They half- or quarter-ass what they | ship, and then they leave it to rot. | Someone wrote: | Apart from "works on stuff you didn't buy from Apple" (a | feature that I think isn't in Apple's interest to support | well), what major features does it have that keychain | syncing over iCloud doesn't already have, or could easily | add? | hk__2 wrote: | It goes beyond passwords. I use 1P to store documents, | 2FA codes, IBANs, notes. You can also attach arbitrary | metadata to each entry, and I don't think there's the | ability to filter by category in the iCloud keychain. | ascagnel_ wrote: | Shared family vaults are the big thing for me -- I don't | want to share _all_ of my passwords with my family, but | 1P is a good way to share stuff like streaming service | logins. | Someone wrote: | iCloud KeyChain has automatic sharing of services, but | only for Apple Services (https://support.apple.com/en- | gb/HT203046) | | That might be because they want to make their own | services more attractive (if so, I think they made the | wrong choice), but also could be a legal thing. | | https://www.apple.com/family-sharing/: _"You can add | anyone to your Family Sharing group age 13 and older and | invite them to share an Apple Card"_, so members of an | Apple iCloud 'family' neither have to be family members | nor live at the same address.
| | That's broader than, for example, the TOS of Netflix | (https://help.netflix.com/legal/termsofuse: _"The Netflix | service and any content accessed through the service are | for your personal and non-commercial use only and may not | be shared with individuals beyond your household"_ ) | | Apple might fear getting sued if they make it easy to | share a Netflix password with members of a family plan. | m12k wrote: | To me it means the contrary. If they had to make those $620M | back by just selling password management, then we'd all better | expect it to get crazy expensive soon. But if they branch out | and start making money on other products and services too, then | there's a chance the product I currently use will remain | affordable. | ziggus wrote: | So that means what? My password manager is going to start | crypto-mining, and share the profits with me? My password | manager is going to report all the sites that I have stored | passwords for back to the companies? | | Whatever the case may be, I'm sure it's going to turn out to be | something completely worthless to me. | | Fortunately, there's always Keepass, which keeps plugging away | doing exactly what it says on the tin. | XorNot wrote: | Oddly enough 1Password could innovate productively here: use | some market clout to push for a standard way for password | managers to do automatic password rolling without user | interaction. | | Imagine a world where a standardized protocol let a company | put out verifiable "we've been hacked notice" and my password | manager would just take care of it next time I opened it (or | throw a prompt or something). | | Doubt this is going to happen though. | madeofpalk wrote: | Or even not have passwords at all. There is a lot to do in | this space. | criddell wrote: | Surely there's still room for some innovation in the | authentication space? 
| | I remember a few years ago Steve Gibson was working on a | certificate based system called SQRL and it sounded pretty | cool to me. Maybe 1Password have some ideas of their own? | MAGZine wrote: | There's a couple examples already, including one click credit | card information saving (through your card issuer), and their | private email aliasing through fastmail partnership. | | A lot less incendiary than your hypotheticals. | | https://blog.1password.com/save-in-1password-button-with- | ram... | | https://1password.com/fastmail/ | dannyw wrote: | They're probably going to develop some proprietary, closed | source authentication SDK, that's not compatible with other | password managers, and bribe websites to use it. | | Your choice eventually will be entering a standard password | and specifically engineered to be annoying CAPTCHA, or pay | for 1Password. Use Keepass or BitWarden? CAPTCHA. why? | "Security". | yabatopia wrote: | > Whatever the case may be, I'm sure it's going to turn out | to be something completely worthless to me. | | You're probably right. Here's their vision of the future: | https://www.future.1password.com/ | | It screams CORPORATE. Not a single mention of family or | single user. It's all about business security, safely sharing | data, protecting your company, etc. | billbrown wrote: | We have a corporate password vault and it sucks. If | 1Password makes a compelling product and brings their | considerable UI/UX expertise to bear on it, this could | absolutely take off and make my life easier. | | With 100k individual users and its background as a consumer | application, 1Password wouldn't neglect the non-corporate | customers--at least until David Teare retires or otherwise | leaves. | vidarh wrote: | 1password _has_ a corporate offering. We use it at work, | and while I haven't thought about to what extent it'd | scale to a huge company it works very well for small ones | with the ability to e.g.
share vaults and manage | permissions across users. | | But incidentally the same features which makes it great | for work also makes it great for me to share access to | vaults with my son for example. | billbrown wrote: | I was speaking more about an enterprise product like | Hashicorp Vault but I was quite unclear. I knew about | 1Password for Teams (use Family personally). | mbesto wrote: | > It screams CORPORATE. | | How do you have a universal login that _doesn't_ require | corporate onboarding? You're just not the person this | landing page is positioned for. They need corporate buy-in | so you the user _can_ login with one login across all of | those sites. If you the single user want to easily login to | Netflix and Amazon with a click of the button, then how do | you expect 1P or any org for that matter to offer that if | they don't have a direct relationship with Netflix or | Amazon? | | This is like using Google.com to search for things to find | and screaming "Google is too corporate" when you landed on | the Google AdWords landing page (ads.google.com). | kspacewalk2 wrote: | Family/individual accounts are nice and all, but most | families/individuals just don't give a fuck about security | nearly enough to pay a monthly fee for a password manager, | and probably never will. The saturation point for them in | this market is not too far off. | | So they go where there's real money to be made. They are | well-positioned to become the default choice to handle | corporate day-to-day cyber-security needs of most non-tech | businesses, and if they can pull it off even moderately | successfully it will make them the biggest Canadian IT | company. Family accounts never ever will. | | That doesn't mean their product won't remain the best* | choice for individuals and families. Microsoft also doesn't | give a damn about family or single users of Office, yet we | all* use it because it's still the best* product on the | market.
| | * words like 'all' and 'best' are approximations of what's | going on in the real world, not in HN where significant | numbers of people may very well be using LibreOffice and | the Nth fork of Keepass. | johncalvinyoung wrote: | Upvoted for your final-line analysis of 'normal for | muggles' and how HN is not a representative sample. | lolinder wrote: | > most families/individuals just don't give a fuck about | security nearly enough to pay a monthly fee for a | password manager | | It's more than that, most families that _do_ care about | security don't need features beyond what is built into | iOS/Android. When I encouraged my wife to start using | randomized passwords, I didn't even have to help her get | set up. She already knew how to use Apple's password | manager, so she just started using it. No setup, no | additional monthly fee, just a quick decision to start | using it. | | When we need to share a password, we just read it off to | each other and put it in our respective password | managers. There aren't really any features in a paid | password manager that we miss. | noirbot wrote: | I mean... that seems fine? Taking a consumer product and | making a business version of it feels like a totally ok way | to grow a company that already has a stable product that | people like. Them making new features you don't use doesn't | mean they're going to break or diminish the stuff you do | use. | | Sure, they could mess it up, but any company or open source | project can mess everything up. | cooperadymas wrote: | When Crashplan did this, they removed their home offering | and completely dropped a large portion of their user | base. | noirbot wrote: | Sure, but I'd be surprised if Crashplan was operating | their home offering at a profit beforehand and just went | "eh, we don't need money". 1Password seems to have a | totally viable consumer market that's making them money | without all that much work on it.
It would seem weird for | them to kill a golden goose. | anamexis wrote: | Also, it is good for companies when their employees use | good password management everywhere, including in their | personal life. The 1Password for Teams Business plan | includes a free family plan for every user, so there's | mutual reinforcement there. | tonyedgecombe wrote: | I can't remember a company that has served individuals | and enterprises simultaneously without one side getting | a compromised offering. | | One of the things I like about Apple is they don't really | pander to the enterprise. They won't turn the business | away but you can see it isn't a priority. | noirbot wrote: | I'm not sure this is true. If anything, they're the | perfect example of how to do it right though, which is to | have products that are business OR personal focused, and | not generally both. The Mac Pro and the new monitors are | both very clearly only a reasonable cost point/feature | set for enterprise clients. The higher end Macbook Pros | are similar, especially post redesign. | | Almost everything Apple makes, "Pro" name aside, is | either an enterprise offering where they're ok if random | consumers buy it, or a consumer item where they don't | mind if enterprises buy it. I have no interest in buying | a reference monitor that costs more than my last 4 | computers put together, but I could just go buy one, I | guess. | | Optimally, 1Password does the same thing. If companies | want to buy their current offering (and my current | employer does) that thus far hasn't really messed with my | personal use. If they come out with some Okta competitor | in the future, I won't need to care about that either | unless my company uses it. Optimistically, both products | can be targeted to different markets. | tonyedgecombe wrote: | I'd distinguish between the professional market and | enterprise.
| | Look at the lengths Microsoft goes to in order to | maintain backwards compatibility for their enterprise | customers, Apple in comparison just doesn't care. | | Obviously I don't have access to the sales figures but my | guess is most Mac Pros are going into audio/visual | studios or else high net worth individuals. It's not the | sort of thing enterprises will buy if they can avoid it. | bombcar wrote: | Microsoft does decently well here, and you can navigate | this _if you basically give individuals enterprise | software_. | | The problem comes in when you try to _cripple_ the home | version so that small businesses, etc don't just use | that. | waynesonfire wrote: | > Sure, they could mess it up, but any company or open | source project can mess everything up. | | Luckily when they do, github just bans their account | dahfizz wrote: | > Them making new features you don't use doesn't mean | they're going to break or diminish the stuff you do use. | | Except they have already started to diminish what used to | make 1P great. We now get no native apps, no local vault | storage, no upfront payments. The VC rot has already set | in. | only4here wrote: | You can never trust cloud-hosted password managers.. | chefandy wrote: | Maybe _you_ can't. Everybody has their own risk tolerance, | but at some point, everybody's going to have to draw a line. | Maybe you're only storing passwords for local services, but | almost all of the credentials in my password manager are for | services run on some cloud. Even then, did you evaluate all | of the code for each of those services? How about the | compiler code or the chips? Dell shipped out machines with a | hardware trojan in 2010. | | I have separate instances for work and personal accounts, so | one breach wouldn't affect the other.
Since my passwords are | distinct, the number of accounts that would actually be | useful to them is minimal, and fraud response is a pretty | important metric in deciding what companies I do important | business with. Identity theft is a problem, but all of this | is probably more likely to be leaked in some other database, | like the Equifax hack, than through an account compromised in | a password manager cloud storage breach. | | My password manager being compromised would indeed be a huge | time suck, but I don't think the long-term consequences would | be any more severe than a few key individual accounts that | are probably even more vulnerable. I think things like | coordinated attacks where they social engineer their way | through 2FA-- which have been seen in the wild-- to present a | greater real-world concern. | ifyoubuildit wrote: | > Maybe you can't. Everybody has their own risk tolerance, | but at some point, everybody's going to have to draw a | line. | | I'm in agreement with parent, I think putting your | passwords in the cloud is a wild single point of failure. | Even if you can tell a compelling story about how they | carefully encrypt everything right now, you're always a | silent update away from it all being dumped on the | internet. | | I think people (in aggregate) just don't care about the | risk and will take the path of least resistance. They don't | have to draw the line there, but they will. | | > My password manager being compromised would indeed be a | huge time suck, but I don't think the long-term | consequences would be any more severe than a few key | individual accounts that are probably even more vulnerable. | | Having your main email account compromised seems like an | absolute nightmare where you potentially lose control of | every single service that you subscribe to (banking, | utilities, cell phone (so maybe 2fa is even broken), | medical portals, social media, etc). 
| | Having your entire set of passwords compromised is like | that on steroids. Rather than your attacker having to use | your email to get to each of those services one at a time, | they just have them immediately. And who says you'll even | know that your stuff was compromised? | | I'm a bit of a crank though. I don't do any of the smart | home stuff. I see my phone as a necessary evil. If some | company shoehorned an app or a WiFi connection into their | product, I don't buy it. After being in tech long enough, I | just want things that work for me, not for the company I | bought them from. | avianlyric wrote: | > you're always a silent update away from it all being | dumped on the internet. | | This is true of all password managers that have any | ability to connect to the internet. You're one silent | update away from your manager suddenly uploading all your | passwords to a random endpoint in Russia. | ifyoubuildit wrote: | Theoretically, if you audit the source then you only | really need to care about updates to the actual code. If | it doesn't do silent updates then it can't change | underneath you, even if it does some kind of network | operations. | | It's not foolproof, but it feels better than a black box | that could be a different black box tomorrow or after the | next acquisition or round of investment. | chefandy wrote: | > Even if you can tell a compelling story about how they | carefully encrypt everything right now, you're always a | silent update away from it all being dumped on the | internet. | | This is also true for your operating system updates, | browser, browser extensions, compilers, the | infrastructure for your email service provider, any | libraries those things use etc. Not to mention your local | password manager. Even if you don't accept push updates, | do you evaluate the code? What if the vulnerability was | timed to pop a few weeks after release?
What if it was | included in an update that patched a major vulnerability | so you went faster than your normal process afforded? | Even if you have a local firewall that stops external | connections from unrecognized programs-- what if it's a | whitelisted program or the operating system or the | firewall itself? | | Why would you trust a password manager's encryption less than | you would trust your email service's encryption? I'd bank | on the password managers' being a lot more robust. | | What about RATs that could access your local password | database? RATs are a lot more common than cloud service | breaches. | | And as I mentioned previously, Dell shipped a hardware | trojan in 2010. | | There are tons of single-point attack vectors in this | chain. I'm not a security expert, but storing encrypted | data in cloud storage seems less likely than others to be a | viable target. | | > Having your main email account compromised seems like | an absolute nightmare where you potentially lose control | of every single service that you subscribe to (banking, | utilities, cell phone (so maybe 2fa is even broken), | medical portals, social media, etc). > Having your entire | set of passwords compromised is like that on steroids. | Rather than your attacker having to use your email to get | to each of those services one at a time, they just have | them immediately. And who says you'll even know that your | stuff was compromised? | | Let's say they did compromise your email account. Since | only a few of your accounts are genuinely consequential | to nefarious criminals, the number of password resets | they'd need to execute might set them back, what-- 5 | minutes if it's not scripted? And all of it is moot if | you use a 2FA method aside from email? Beyond that, | considering how much more frequently email accounts get | compromised, singling out the storage location for | password manager databases seems pretty arbitrary.
| | I just don't see how the opposition stands up to a | comparison of attack vectors. | ifyoubuildit wrote: | > This is also true for... | | Agreed, those are already risks, and ones that are a lot | harder to mitigate (though I do try where I can). Does | that mean I should add another one that I can easily | avoid? | | There are risks in both local and cloud password | managers. Maybe those risks seem equivalent to some | folks, and the cloud features are useful enough for it to | be a no brainer for them. For me, I don't at all mind | manually backing up and manually copy/pasting | credentials, and I don't miss the convenience of the | cloud features. | | > Let's say they did compromise your email account ... | | This seems focused on the case of a dedicated attacker | focused on you specifically. I'd think each of us is more | likely to be affected by various automated attacks that | are backed by large dumps of account credentials. | | In any case, I agree risks already exist in other places. | For me in my specific set of circumstances this just | seems like an easy one to skip. | chefandy wrote: | Hey-- whatever works for your setup. Especially for those | who don't use a smart phone and have one machine, it's | probably a minimal loss in functionality. | | > Does that mean I should add another one that I can | easily avoid? | | All other things being equal? Avoid it, of course. I | firmly oppose letting perfect be the enemy of good in the | sense that more secure is better than less secure even if | it's not perfectly secure. But I also oppose it in the | sense that rejecting beneficial functionality because | it's not perfectly secure, especially when it's not close | to the biggest or most attractive attack surface, doesn't | make sense. Even when password managers' servers were | compromised-- LastPass, for example-- I don't think | anybody ever got ahold of passwords.
KeePass OTOH was | broken with KeeFarce and RATs are a lot more common than | cloud service server breaches. | | > This seems focused on the case of a dedicated attacker | focused on you specifically. I'd think each of us is more | likely to be affected by various automated attacks that | are backed by large dumps of account credentials. | | Nope-- If it was automated the distinction is even less | significant. A script would only need to search your | email for whatever specific types of logins it supported | and fire off password resets. Non-email 2FA becomes even | more of a hurdle without the option of social engineering | it or some other human-touch fix. | | Consider this. (very) Roughly, this is the market | penetration for these products: | | * computer: 90%+ | | * smart phone: 85% | | * tablet: 50% | | * computer, smart phone and tablet: 40% | | Most people (in this country, at least,) have multiple | devices. Most people have internet access. Most people | aren't going to be able to manage storing and sharing | passwords among their devices at all, let alone more | securely than cloud storage would do it. So for most | people's use cases, it would be like citing health when | refusing to put a teaspoon of sugar into the cup of tea | they're having with cake and ice cream. | | So like I said, avoid it if it doesn't improve your | life-- I have no stake in your password management | choice-- but I will actively butt in to qualify the | sentiments expressed in this thread because, a) many | users, even on this site, aren't sophisticated enough to | engage in the sort of cost/benefit analysis that we are, | and b) to them, this conversation is unintentional FUD. | Cloud-based password management is vastly superior to | regular folks' existing methods. If they're put off by | technically savvy people saying they're fundamentally | insecure, that is the embodiment of perfect defeating | good.
| [deleted] | velcrovan wrote: | You can never fully trust any password manager unless you | audit all of its source code and compile it with a compiler | whose source code you have also fully audited. Good luck! | mateuszf wrote: | > You can never trust cloud-hosted password managers.. | | If you examine the source code of a client (for example | bitwarden) and make sure that it's not leaking your master | password and then compile the soft yourself and not update - | you'll be pretty safe. | | This will make it similarly secure as e.g. keepass, because | even for keepass you should be sure the source is legit | nisegami wrote: | Technical trust is one thing, but I think the trust GP is | referring to is more of a trust in the company's commitment | to the business model. Password Managers aren't sexy. There | isn't a ton of disruption possible in the field, so these | companies may tend to look to expand beyond password | management or get acquired. This in turn can mean the | password manager product will be left to rot. | soheil wrote: | I really love an alternative that does these: | | 1. native app (no bullshit JS based) for speed 2. the same | keybindings CMD+\ or Option+CMD+\ to fill in or pop up the menu | 3. sync with icloud 4. not look like total shit (ie. lastpass) | | Do these basic things and I think you can easily steal 1pass | users. | ascar wrote: | What of these are you missing with keypass? Except that sync | would be done through a regular file (the keypassdb). | torstenvl wrote: | All of them? There isn't a single good KeePass client on | macOS. | | Strongbox is the most polished but doesn't offer browser | integration. | | KeePassXC has a terrible UI, and MacPass doesn't remember | your key file between sessions. Both require staying in | your Dock and need the janky KeePassHTTP-Connector to work | with a browser. 
| Dedime wrote: | KeePassXC is excellent, and available on MacOS / Linux / | Windows | xrisk wrote: | Can recommend Keepassium for macOS/iOS. Just works(tm). | bombcar wrote: | Apple is _so close_ with Keychain, I feel if they spent a bit | of time on the UI of it and offered some plugin capability | it'd be perfect. | ascar wrote: | I found Keychain quite horrible. Everything is or at least | felt just too abstracted away so that I don't feel in | control of my secrets. Might have been just the UI though. | And then it's obviously not cross-platform by default. Sync | your password database between your Android phone and Mac? | Nope. So it's another step into vendor lock in. | btmoore wrote: | Keychain supports some pretty great stuff like WebAuthN | and 2FA codes. Its UI is kinda bad though. I'm all-Apple | and techy, so it works great for me. | zwily wrote: | The Keychain integrations and UI have improved a lot over | the past couple years. That said, I still use 1p for | family sharing. | rdtwo wrote: | I agree it's so easy, if they add some sort of plugin that | pushes to your phone to verify it's you - game over. | drtz wrote: | As a regular user of Android, Windows, and Linux systems | Keychain is almost worthless. | beberlei wrote: | I believe this is regarding their new infrastructure secrets | product, so hashicorp vault but more corporate maybe. | dexterdog wrote: | I read that as "hashicorp vault, but more expensive with | wildly varying pricing schemes." | ojilles wrote: | I read it as Hashicorp Vault, but for all employees, not | just (IT) engineers. | shane_b wrote: | I personally think password managers are positioned best for | web3. | | Just add crypto wallet functionality (similar encryption | skills) and then facilitate both web2 and web3 login. | yawnxyz wrote: | I'm surprised they haven't bought Rainbow or Metamask or made | their own crypto wallet yet.
Combining their current browser | extension with private key management in a crypto wallet | makes a lot of sense to me. | Chris2048 wrote: | I really hope this means new product offerings with no impact | on existing products, rather than "fucking with the product b/c | it doesn't make us enough money".. which I'll dub corporate | Marak syndrome.. | cianmm wrote: | I think of it as Evernote Syndrome. Take a perfectly great | app and then slowly add nonsense on it until it's slow and | bloated. | notpachet wrote: | You say Evernote, I say Jira. | Aeolun wrote: | Who in the fuck values 6.8B dollars for a password manager? | | For that kind of money you can build (apparently) 10-20 of them. | adim86 wrote: | I am surprised people are worried about 1Password getting this | money and not caring about their users. How about at least they | have money to be alive for the foreseeable future. I am worried | about free password managers because they are broke and could | sunset the app at any point and now I have to go find something | else, or better yet, no financial incentive to do the best thing | for the app. They do it for fun. My security is not for fun. LOL | degoodm wrote: | I hope that's enough to finally make a Chrome extension that | works. Theirs seems significantly broken half the time. | cpuguy83 wrote: | I've been using Edge with 1P for the last couple of weeks. | | I agree, it used to be terrible. Now it is better than Safari's | 1P extension. | circa wrote: | I used to use Lastpass but once they were bought out, I bailed. | Anytime I see these types of Password articles I always like to | share that I've been using Dashlane for years and love it. Multi- | platform and now its all browser based. The iOS app is great too. | It also includes a VPN with the pro plan. 
| https://www.dashlane.com/cs/1k5JfApcebh1 | xchaotic wrote: | Every time I see such a pre emptive money grab (1p doesn't need | all this money upfront- they could fund new features and growth | from paying customers) I know that prospective users will have to | pay back a multiple of the 600M back to the investors. Why would | I choose 1pass, knowing that they'll want even more money in the | future, in perpetuity, when free alternatives exist? I also feel | like it makes them a super juicy central attack target for both | commercial and state sponsored hackers. | smcleod wrote: | You'd think with $620M they'd be able to continue to develop | native applications and not 'have' to move to a javascript react | monstrosity. | saddestcatever wrote: | Bummer. | | I used to be a huge advocate for 1Password. | | Purchased a single license for $60 back in the day. Backed up my | vault to Dropbox. | | For a few years, it was the best app I've ever bought. | | Now with the upgrade to monthly subscription, my Windows machine | is stuck on a crappy legacy version of the app. I get that every | company and their mother wants that $A$$ money, but I truly miss | the simplicity. | greenSunglass wrote: | any alternative you folks recommend? | rcarmo wrote: | Have a look at https://taoofmac.com/space/apps/1password for a | list. | nano9 wrote: | I just use `pass` but if you want bells and whistles, then that | probably will not work for you. | lotsofpulp wrote: | KeepassXC, or Keepass databases and Strongbox for a polished | iOS app. And any cloud file sync service. | hcurtiss wrote: | Edge with Authenticator works very well, it's cross-platform, | and as of recently has near-feature parity with Lastpass and | 1Password. | koeng wrote: | I really enjoy using pass / gopass | Croftengea wrote: | Bitwarden, of course. | desdiv wrote: | Bitwarden. Both the client and the server is open source. You | can selfhost the server, or you can use their server. 
| Stevvo wrote: | Google/Chrome offer the best user experience for password | management, but I guess many people using 1Password are doing | so specifically to avoid Google? | ron22 wrote: | https://bitwarden.com/ | mtremsal wrote: | I haven't changed my setup of (free) keepassxc in (free) | Dropbox in 10+ years. You can even add a standalone version of | keepassxc in there if you're worried about needing passwords | from a new computer. Usually, simple beats free (Spotify > | torrents) but somehow this setup has always just worked | perfectly for me. | | That being said, for friends and family I'd suggest paying for | 1password. Or using a paper notebook. Most alternatives don't | have a stellar track record with security. | IOT_Apprentice wrote: | The question to ask is WHY did they raise that much? What are | they going to be using that much cash for? | PragmaticPulp wrote: | I've been using the older 1Password 6 version for a long time | with Dropbox syncing. This is the version that still had | perpetual licensing. | | And it works just fine. I can see why they're pushing so hard to | force everyone to their paid SaaS service: I haven't paid them | additional money in years and yet my setup works perfectly well. | | Eventually, though, one of the browser extensions will stop | working and they'll insist I upgrade if I want to keep using it. | | My only hope at this point is that some other company will come | along and make a password manager with equivalent UX (the only | missing piece from competing products) and undercut them. Surely | someone can do it with, say, only a couple million dollars | invested instead of hundreds of millions. | throwaway984393 wrote: | Jesus Christ this is infuriating. Now I have to go find a | different password manager that will just take my money, be | profitable, and not become another fucking SV unicorn horror show | capitalist wet dream. | gizmo wrote: | 620m at a 6.8bn valuation is staggering. 
If they IPO at 10bn in a | year they need a plan by then to grow towards a 30bn valuation, | otherwise doing an IPO makes no sense. That is unbelievably | ambitious for a password app. | | The founders are clearly willing to bet their company on their | expansion plans. In the post they allude to expanding to the | security space more generally. Curious to see this develop in the | coming years. | JadoJodo wrote: | Both the Fastmail[0] and Privacy [1] integrations have made | 1Password a joy to use in the past few years. I've used premium | BitWarden in the past, but the UX of 1Password is hard to beat. | Congrats to the 1Password team! | | - [0] https://blog.1password.com/fastmail-masked-email/ - [1] | https://blog.1password.com/privacy-virtual-cards/ | zerkten wrote: | A lot of comments don't seem to acknowledge the importance of | UX to leveling up security. Historically, security products | have had terrible UX with everyone working around these and | introducing more risks. 1Password is doing a great service here | by making security simple and reduces our overall attack | surface. | mdaniel wrote: | I wholeheartedly agree with the UX comment, and for the | "leveling up security" part specifically, I'll point out that | 1P 8 now has a "generate horse-battery-stable 'security | question' answers" button, which is about as close to the | intersection of good UX and good security as I can imagine | | My experience with Bitwarden is that their browser extension | is gravely broken, which is a subset of UX, but crosses over | into "how is this not a 'stop all work and fix it' bug?": | https://github.com/bitwarden/browser/issues/1620 | | I have a paid Bitwarden subscription, because I wanted to | give it a fair shake, but based on my experience thus far | it'll be years before they catch up to AgileBits | [deleted] | throwaway5752 wrote: | Regardless of the TAM of secret management and the enterprise | market for it.. this is a ton of money. 
I don't fault 1Password | for taking it if it was offered, but I personally find it off- | putting. How can the market opportunity be so compelling to | justify that level of investment, but at the same time require | that much capital infusion to chase? If there is enough demand it | should be possible to balance funding from external investment | and cash flow. They've been around 17 years, so my hope is it is | just early investors cashing out on a $7B valuation, which seems | doesn't seem unreasonable. It is hard to know without more | details. | wim wrote: | This sounds like they might go enterprise and go after Okta and | the like | [deleted] | DrBazza wrote: | Are "password storing" tech companies worth a billion or so? | | And what's the "unique selling point" that stops me switching | from one to another? | darkwizard42 wrote: | Looks like another commenter added some context: | | For some very rough context: - Duo was acquired for $2.35B | | - Ledger was valued at $1.5B | | - Dashlane was valued at $1B | | - Yubico was valued at $600M | | - LastPass was acquired for $110M | | - Trezor has an annual revenue of $5M | | - Authy was acquired after receiving investments of $3.8M | DrBazza wrote: | Gosh. I'm in the wrong business. I should create my own | "store your password" company. How hard can it be? | drcongo wrote: | This is terrible news. | vladstudio wrote: | Eh. I used to use 1Password long ago, when it was still a | "normal" app (one-time payment, not trying to become a unicorn). | It was easy for me to switch password managers (my needs are | modest, and I generally like to break my app habits once in a | while). My journey included (1) self-written manager; (2) | LastPass; (3) pass CLI, and (4) Bitwarden (free tier). | | I'm now a happy Bitwarden user. It's ugly, and I'm a UX designer, | but it's the least worst! 
(to me) | unethical_ban wrote: | Keepass + GDrive/iCloud is going to be the recommendation I | provide my friends and solo business owners in an upcoming | presentation. | | The file itself is under your control, apps are cross platform | and desktop, and it is pretty intuitive. | | That plus either 2fas (allowing for local token backup) or | Authy (encrypted cloud backup) of MFA, and I won't hear about | Instagrams getting pwned again. | TameAntelope wrote: | 1Password is _vastly_ superior to Bitwarden from a UX | perspective, and considering that 's literally the only reason | I have a password manager, that is, by far, the most important | thing. | | If you think "security" is the reason you have a password | manager, how come all of your accounts are tied to your email | address? If you _just_ wanted security, there are, by far, more | secure tools and practices you could employ than Bitwarden | (among them keeping a notebook of passwords on your person at | all times). | | Your comment reads, to me, as a signaling effort. "I'm aware of | bad corporations and I don't support them!" is less strong of a | signal than you may think. | Tier2Capital wrote: | Shout out to Strongbox if you're an apple user. It supports | .kdbx across apple devices with a 10/10 UI | rekoil wrote: | Took a peek, looks really nice, might have to give it a spin! | | Are there any solutions for .kdbx files on Windows that have | a nice UI? My memories of KeePass are not great. | txtsd wrote: | KeepassXC is your best bet! | u2077 wrote: | + 1 for strongbox and keepassXC | piqufoh wrote: | Great for 1Password - I love the tool and I'm a strong advocate. | But ... | | Why such a large round? Why not go for an IPO? 
| darkwizard42 wrote: | I think this type of massive up-round investment is basically | an IPO, likely a fair amount of secondary level of exit for | founders, employees, and wouldn't be surprised if the | seed/first round investors were able to unload a little (if | they even wanted to) | Iv wrote: | Because money is desperate to find sinks to throw itself at. | samgranieri wrote: | I really wish they weren't doing away with 1password classic and | the native mac app. I like the fact I bought a license, that I | can store the data on dropbox or icloud, and it works just fine. | | Yes, this is old news and sour grapes on my part. I just don't | yet feel like migrating to bitwarden. | | I've been using 1password for 12 years since I saw it on a | tutorial on peepcode.com. I actually taught my mother how to use | it, she's been using it for 9 years, and last weekend she was | upgrading all her passwords to use 2fa with the QR code capturing | facility. | | We had to go find the 1password classic browser extension | (something stopped working, needed to reinstall it) and that took | a bit of doing. 1password is not making it easy to find anymore, | and when she contacted customer support (before talking to me), | their response was to upgrade to a paid account and store your | passwords on a server. | | Ugh. | | Honestly, now that they've raised this much cash, would it really | be that big of an inconvenience or lift for them to give mac | users a native app instead of the electron one and keep allowing | legacy users like me to use 1password with our existing licenses | and dropbox? | | I think they'd be able to hire some additional developers and | product/project people to make it happen. Not continuing to work | on the classic project just feels like a kick in the shins. 
| | Now, I'm building out my kubernetes cluster at home, and | bitwarden is something I'm going to experiment with as a backup, | but 1password 7 works fine and I just don't want to migrate to a | paid account. | | C'mon 1password, make your legacy customers happy! | d23 wrote: | > Yes, this is old news and sour grapes on my part. | | This is a tangent, but this isn't really the correct usage of | sour grapes. "Sour grapes" implies you actually did want it to | go away but are saying you didn't out of pride or something. | I'm assuming that's not what you're trying to imply. | jiveturkey wrote: | Same here. I begrudgingly moved to BW right after they stopped | offering perpetual licenses. The UX is poor compared to 1P but | for this software I could not continue to use 1P. They've | become a deceptively marketed company. I actually had a sub on | top of my perpetual license -- the cost is inconsequential and | I want(ed) to support their business. | jeffrallen wrote: | They should take 20 million, endow a foundation, and have the | foundation hire a couple of their original devs to make a clean | room, open-source equivalent to 1Password 6. Then those of us | who actually just want a self hosted password manager, not a | massive whacky cloud secret factory, can use that. | | Sigh, what a stupid world we live in, where greed destroys | everything good. | symlinkk wrote: | Why do you feel entitled to that? Are you going to pay for it | again? | AlexandrB wrote: | If pay for it again in a heartbeat. | Kwpolska wrote: | Have you tried KeePassXC? It has a reasonable UI and mental | model, and does zero cloudy things. 
| mdaniel wrote: | And it can already read the 1Password .opvault (the | "legacy" format, stored in Dropbox and on disk) "file" | format -- I would guess it wouldn't be an unholy amount of | work to teach it to write out that format, too, but I | stopped short of doing that work because I figured | KeePassXC wouldn't merge it | | After that, I would teach KeePassXC to serve the 1Password | browser extension websocket protocol, because I found its | UX far, far, far, far superior to KeePassXC's browser | extension UX | idonotknowwhy wrote: | And you can choose to sync with Dropbox, one drive, etc. | And it has an android app. | rekoil wrote: | I don't even mind the subscription fee and cloud hosting | personally, just make a kickass native app like they always had | and I'll stay. If they force me to "upgrade" to 8 and it's not | a native app then I'll just use something else like bitwarden. | jonpurdy wrote: | I would be happy to pay the subscription fee for a native | app, especially since my partner and parents can use it under | the family plan. It works great for that! I've been paying | for upgrades since 2007 (version 2.0 I think). | | Except that version 7 also introduced some massive UI/UX | regressions! There were so many that I started collecting | them in a Ulysses note so that I wouldn't forget why | 1Password has gone so far downhill. | | ---- | | Attachments: | | - Attachments used to be attached to entries by drag files | there, and they'd show up at the bottom (if I wanted my | passport, there'd be a single Passport entry with copyable | fields + jpeg photos of front and back at the bottom). | | - Now, every attachment is a separate document cluttering up | everything. If I want my passport, I search for "passport" | and three separate entries come up: entry with passport | details I can copy, and passport-front.jpg and passport- | back.jpg. And if I delete Passport entry, the jpegs are still | hanging around. 
| | - See [1][2] | | ---- | | When it doesn't sync, there's no "force sync" button on iOS. | So I just sit there waiting... | | ---- | | Can't suppress "duplicate password" warning: | | - If I reuse a password on two or more entries, each of those | entries shows this warning | | - No way to disable it, clutters up the UI | | - Some entries have an insecure password for local use, dev | use, whatever, so let me disable the warning | | - Tons of threads on their forums about this complaining | about it [3][4][5][6] | | ---- | | Another warning that can't be disabled in preferences: 2FA | available but not enabled | | - If you have an entry where 2FA is available on that site, | you cannot disable the warning if you don't have it set up | | - To actually disable this, you need to tag the entry with | 2FA (which is dumb because it implies that it has 2FA, but | the tag is showing that it DOESN'T have 2FA enabled) | | ---- | | Subdomain matching doesn't work: | | - This used to actually work fine but it was removed! | | - If you have a.test.com and b.test.com with different | credentials, 1password treats them as the same website and | will ALWAYS show entries for both, breaking autofill | | - See [7][8] | | ---- | | And after all this, I still planned to continue to use | 1Password until they made their version 8 Electron | announcement. That's absolutely the final straw and I won't | be moving forward with them after that. | | 1 - https://discussions.agilebits.com/discussion/92007/1passw | ord... | | 2 - | https://discussions.agilebits.com/discussion/111892/messy- | do... | | 3 - | https://discussions.agilebits.com/discussion/95438/reused- | pa... | | 4 - https://1password.community/discussion/106132/suppress- | the-r... | | 5 - https://discussions.agilebits.com/discussion/115492/featu | re-... | | 6 - https://1password.community/discussion/104141/watchtower- | reu... | | 7 - https://1password.community/discussion/89271/matching- | sub-do... 
| | 8 - https://1password.community/discussion/87028/stricting- | url-m... | rekoil wrote: | Definitely felt all of these, but I moved from LastPass to | 1Password after 7 had been released so didn't know they | were regressions. That's really shitty actually. I am | honestly infuriated by shit like this because it just | doesn't make any sense at all... | kitsunesoba wrote: | Similar here, I don't mind the subscription fee and even like | that I can effortlessly pull my passwords from whichever | device I need to at the moment. The new electron app is a | mess though, even if its data layer is done in Rust. It feels | like a cheap imitation of the old one with so many little | details being wrong, along with the general sluggishness that | comes with a "modern" web stack. | | I'm not really happy with any of the other options either | though. Bitwarden is stuck in the browser, and the various | KeePass clients vary a lot in polish. | | It seems a little ridiculous because the UI involved in this | sort of app is trivial to build and make nice in practically | any native UI toolkit released in the past 20 years. It's | just list views and text fields... I would've expected the | hard part of building a password manager to be the functional | bits, not the UI. | rekoil wrote: | Right!? The hard part is integrating nicely with the OS, | which is just not something that's in Electrons bag. The | thing Electron "improves" for them is portability for the | one thing that users really want to avoid interacting with. | It's just such a confusing business decision in my eyes, | and to be completely honest, part of the reason I'm looking | at switching is literally that they are making a decision | like this unprovoked when they have a great native app | already, I just don't understand it and don't want to | support a business making shit decisions like that. | | Someone in this thread suggested Strongbox which looks very | promising. 
I will stick with 1Password until they've | decommissioned 7, and then make my decision whether to stay | or not I think. | drewmol wrote: | Here's a +1 for Strongbox. It plays nicely with my | Keepass/Dropbox sync setup. Been using it for a few years | definitely worth the price. | pantulis wrote: | In Apple land you have Strongbox or Keepassium. Both are | fine projects based on Keepass technology so you are | basically safe and the developers are even in cool terms | with themselves. | kitsunesoba wrote: | Looking around, on macOS there's also MacPass[0] which | looks decent (good enough that I could see myself | contributing for the last few % of polish), and gnome- | passwordsafe[1] looks reasonable on Linux (if a bit too | mobile-y for a desktop app). The only notable hole in the | platforms I use is Windows... perhaps it's time to spin | up a WinUI Keepass project. | | [0]: https://github.com/MacPass/MacPass [1]: | https://apps.gnome.org/app/org.gnome.PasswordSafe/ | Spooky23 wrote: | Agreed. | | Porting an app as security sensitive as a secrets manager | to a client with an attack surface of Electron seems just | fundamentally dumb. | eric-hu wrote: | Migrate to Bitwarden. I owned a 1 password 6 license and hung | onto it for dear life until last year. I technically had a 1 | password subscription from work, and when that ended last year, | my password experience hit a brick wall. I couldn't add | passwords from Windows. My Mac client refused to work, I had to | uninstall multiple times and delete a data directory to erase | any sign that 1 password subscription was on the system. | | I'm so glad I made the switch now. No pestering pop ups, | equally usable on windows and Mac and iOS. | ilrwbwrkhv wrote: | Same made the switch to bitwarden this year. | pantulis wrote: | I went to Strongbox and never looked back. | | I have fond memories of 1Password and wish them luck. 
But I | have felt forced by them to move to a subscription model | and I cannot justify that. | markdown wrote: | I did the same. On Bitwarden now. | prakhar897 wrote: | Skimming through their jobs board. Their are approx 100 "talent | acquisition" roles open. Engineering is like 20 roles. What the | hell are they going to do with so many recruiters? | amackera wrote: | I guarantee that those 20 eng roles represent 100s of actual | positions. You need to staff up talent acquisition before you | staff up talent. Also they'll probably be growing their sales | team also. | pythops wrote: | 1Password still even exists ?! | saos wrote: | One product I'm truly happy to pay for | mirzap wrote: | I've no idea why would profitable company that does password | management ever need to rise such amount of money. This could be | an intro for big exit, who knows. They will literally have to | throw their users under the bus, limiting features and increasing | existing plans. Expect 50% price increase in the next 6 months, | alongside with some "great feature" with which they'll try to | justify the price increase. | IceWreck wrote: | Why does a password manager need that kind of money ? They have | their server software, apps/clients and infrastructure in place. | They also have customers and presumably earn enough to maintain | and grow. | | What is it that they plan to add that needs 620 mil ? | amashq wrote: | That was a quick answer to Bitwarden's post that gathered some | upvotes earlier today! | borplk wrote: | First LastPass and now 1Password. All downhill from here. | jrochkind1 wrote: | I learned about services I didn't know about yet, Secrets | Automation, and the Fastmail integration. | | I can't find Secrets Automation pricing info. Is it just, every | developer needs a paid 1password account and that's it, or what? | | *edit* oh wait I just found it, the answer to pricing is "Contact | Sales". Booooo. 
| no_wizard wrote: | Everyone who's just looking at this as a simple password app | might be missing the boat. One killer feature for enterprise | customers is teams can share secure variables as well as new | credentials for services. Now I imagine a world where 1Password | can be a secrets manager for your environments. I know a lot of | cloud services offer this already however they're not always | great, and since most of your org may be using 1Password this | would be a huge value add. | | I think what this is fueling is the ability for 1Password to grow | beyond a password manager to handle other sensitive sharable data | boringg wrote: | Question from the community comment thread here: | | How many people are actually going to change away from their | current 1 password account as a result of this OR how many will | watch 1 password and make a move in the future if product lowers | their quality vs how much of this comment thread is people | expressing viewpoints but aren't tied to the product in a real | way? | | Obviously tough to validate but I feel like a lot of the comments | are just knee jerk reactions without any real action tied to | them. Curious if I am on the margin of comments though. | PragmaticPulp wrote: | I assume many of us are hanging on to older 1Password versions | that offered perpetual licenses and Dropbox syncing. | | Once those eventually stop working (OS update, browser | extension changes) I'll be switching. But I'm not going to | proactively change because there's no reason to. | | The 1Password SaaS isn't terribly expensive, but I would have | spent $100+ more on it for the exact same functionality I've | had with my perpetual license for the past several years. I | have no intention of spending more money for the same thing and | having the overhead of managing yet another SaaS bill. | boringg wrote: | Do you think they would extend that license indefinitely? 
I | can't imagine it to be a large portion of clients - why upset | a loyal base of clients? | andrei_says_ wrote: | As someone who uses the non-subscription version of 1-password | (iOS only, syncs amongst my iOS devices but no use on my Mac) I | wonder how soon they'll pull the plug on this. | | Wish I could be happy for them but instead I'm worried that I'll | lose what I have. | scarfacedeb wrote: | They're a paid service. Why do they need so much extra funding?! | | There's definitely going to be a feature creep and annoying | changes. | | Time to consider the alternatives again :( | qeternity wrote: | > Why do they need so much extra funding?! | | They've also (supposedly) been profitable since inception. It's | likely that this round has a significant secondary, which means | they're just cashing out part of a profitable business. | nlh wrote: | Exactly. An increasingly common thing lately is what's | effectively a "private IPO". That's what this sounds like - | liquidity for investors / staff, and ownership to a small | cadre of professionally managed funds vs. the Wild West open | markets. | qeternity wrote: | Funny, "private IPO" is exactly what I said to someone I | was discussing these types of rounds with. | | Going public has very tangible costs, but also massive | intangible costs. Private markets are extremely frothy and | keep ownership and control within an aligned group of | investors. This can make all the difference in the world to | management. | f311a wrote: | Not only profitable, but also bootstrapped business. They | decided to go for VC money a few years ago. | [deleted] | josefrichter wrote: | Congratulations. Authentication on internet is still a hugely | underdeveloped topic, especially for normies. All the non-IT | people basically have 5 weak passwords reused on 100 sites, | written down on a piece of paper next to their computer or in | their wallet. 
And of course what they don't know is all of those | passwords were leaked 100 times anyway. This is a serious issue | in digital society, to be fair. | the__alchemist wrote: | If they IPO, when's a good time to enter a short position? 1 | month after? Longer? | mupuff1234 wrote: | I really hope the Fed raises interest rates ASAP since inflation | seems to be getting out of hand. | buro9 wrote: | Now I know why Bitwarden was on the HN homepage a few hours | earlier. | blunte wrote: | I still boggle at the scale of investments these days. | | What does a company like 1Password do with that much money? | amelius wrote: | Tbh, since using Firefox Sync, I have no idea why people would | need anything else to manage their passwords ... Can anyone | enlighten me why I would need 1Password? | mlindner wrote: | It uploads your passwords to their cloud. How is that okay? The | key thing with a password manager is disjoint processes. You | don't want the cloud provider to also be the password manager | provider. A single break-in/rogue employee/government warrant | and your passwords are exfiltrated. | neon_electro wrote: | Your "one password" is part of the encryption key for your | 1Password vaults; your passwords and sensitive information | stored in the vault are encrypted before they hit 1Password's | cloud. | | Exfiltrators would need your master password to get in. | Barrin92 wrote: | Firefox Sync lacks basic functionality of a password manager. | Storing notes, storing card information, sharing data securely | with other users and so forth. | dmarchuk wrote: | I've been using 1password for years and so far haven't had any | problem, all apps (desktop and mobile) work great, but I don't | understand why they would need this kind of money, especially | considering it's not a free or cheap service. | prirun wrote: | > It feels like yesterday that I was excited to cross the | 100-employee threshold, yet here we are just a few years later | approaching 600.
| | For a password manager? Damn. | igammarays wrote: | Are we in a bubble? | Mindwipe wrote: | Yeah, I've never seen a company so keen to alienate its core | audience. | | Well, at least not for a few years. | _pmf_ wrote: | 620M is too much for a password manager, so we can safely assume | it is no longer one. | freeduck wrote: | Lol | adreamingsoul wrote: | Time to migrate. | hcurtiss wrote: | I don't know if anybody uses Edge like me, but I feel like people | should know that Edge with Authenticator works VERY WELL for | password management. It is very close to feature parity with | Lastpass and 1Password, it's cross platform, and it's free. After | something like eight years, we dropped our subscription to | LastPass. | nsm wrote: | How easy is it to use with random notes/apps on mobile? Some | reasons I prefer a non-browser manager: - On Android/iOS, 1P | will integrate with the system password manager APIs to sign in | to apps - I can generate/store arbitrary password-like things | (SSH key passwords, secret question made up answers, 2FA backup | codes) that are not associated with specific domains. At least | in Chrome's default password manager there wasn't a way to do | something like this. | gtvwill wrote: | Lol software like 1pass seems so pointless in days of web browsers | with sync and 2fa. Deadset not really much of a reason to use | them unless you're like...no Microsoft in your stack at all. But I | mean you're probs burning coin on all kinda stuff if that's the | case so paying double for a built in func probably wouldn't | surprise me. | dangero wrote: | Anyone have a guess on 1Password company revenue? | cannonpalms wrote: | Self-reported to be $150MM in 2021 [1]. | | [1] https://www.cnbc.com/2022/01/19/1password-valued- | at-6point8-... | LeoPanthera wrote: | 1Password has 600 employees? | | What do they all _do_? | frabbit wrote: | Sales and posting on HN. | jmull wrote: | > ...explore beyond the boundaries of traditional password | management.
| | This is a 50-50 proposition, at best. | | I hope this doesn't mean I'll need to start looking for a new | password manager. | elteto wrote: | Such a silly sounding marketspeak... what is non-traditional | password management? Password management + essential oils? | Karunamon wrote: | Example: Name any other password manager that can instantly | spawn disposable email addresses on your own domain by | talking to your email provider. | | Not to put too fine a point on it, but I _fucking love_ this | feature. | | It fits in naturally with the password manager, but it has | barely anything to do with password management. | lawtalkinghuman wrote: | Hide My Email in iCloud. | | https://support.apple.com/en-gb/HT210425 | Karunamon wrote: | Note that I said _on your own domain_. | | iCloud email hiding generates addresses on iCloud | domains, i.e. services will begin to flag them as a | commonly-used disposable address provider and disallow | them. | | Also completely worthless to the vast majority of people | who are not on Apple devices. | | Also also, 1Password's integration with the email isn't | managed by them. They talk to Fastmail, Fastmail spits | out an address and tells it to 1Password, who then fills | the form with it. I can ditch 1Password at any time, even | delete my account, and lose nothing. | farzher wrote: | you can write your own password manager in a weekend. the | encryption code is trivial. it's just a matter of ui/ux. and if | you're making it only for yourself, that's not a problem. highly | recommended | skilled wrote: | Damn, that's pretty cheap. | ctur wrote: | Great news for a great team. 1Password makes a very solid product | and the company genuinely helps improve the security ecosystem | for their users (and, through working with browser vendors on | things like extension security, all of us). | | Hopefully they don't go all cryptocoin and NFT with the | funding... but given their DNA, I think they will expand wisely.
| rkagerer wrote: | Has anyone here speculated they might intend to use such a | substantial piggy bank for some radical new aspect to their | product [line]? | | Not sure what... eg. perhaps some server-facing & app-facing API | that would log customers in more touchlessly in a bid to become | the SSO nexus of the world. | shehackspurple wrote: | Congratulations 1Password! AMAZING | caycep wrote: | I'm just amused at all the Hollywood names on the PR...I mean if | Black Widow herself was in on this funding round, it really must | be secure! | Ekaros wrote: | First question is where does password manager spend that amount | of money. Second question who gives that amount of money to less | than 10% of password management company... Sure it can have | billions of users, but still it is in no way novel or complicated | product. In sense it takes anywhere near that sort of money to | build or manage... | Leader2light wrote: | post_break wrote: | Bitwarden, please for the love of god add multi-account support. | I know it's in the works but it's taking too long. I have work | accounts and personal accounts. 1Password boiled the frog with | pricing. | miguelrochefort wrote: | For some very rough context: | | - Duo was acquired for $2.35B | | - Ledger was valued at $1.5B | | - Dashlane was valued at $1B | | - Yubico was valued at $600M | | - LastPass was acquired for $110M | | - Trezor has an annual revenue of $5M | | - Authy was acquired after receiving investments of $3.8M | djrogers wrote: | For additional context: | | Hashicorp has an 11+B market cap; Okta has a 30+B market cap | | The view I keep seeing here of 1P as simply a 'password | manager' is myopic... It's one of their products, and currently | the most visible, but it's just 1 product. | elforce002 wrote: | Well, we're using Dashlane for free right now and planning to pay | for it (It's really cheap).
I don't know what would be the use | case for switching to this brand since now their focus will be to | grow or die. | circa wrote: | https://www.dashlane.com/cs/1k5JfApcebh1 - 6 months free right | here | minroot wrote: | These people have lost their minds. | qwertyuiop_ wrote: | I am an exceptionally happy Bitwarden user ___________________________________________________________________ (page generated 2022-01-19 23:00 UTC)