A problem with 1Password?

Passwords are a terrible idea. But nothing else works everywhere that passwords do, so we’re stuck with them for a while. Top tip for passwords: make sure you use a different strong password for every account. Of course, since we all have dozens of accounts these days,this immediately makes the case for a password manager. I’ve used and recommended 1Password for the last 10 years, and I’ve watched it grow from a simple locally-installed Mac application to a full cross platform cloud service in that time.

In August, AgileBits released the Early Access Preview (EAP) of 1Password 8 (1P8) for the Mac, and the AgileBits team hosted an Ask Me Anything (AMA) on Reddit for the EAP. I’m sure they weren’t expecting the torrent of criticism that resulted, but is that criticism really fair? The comments break down into three categories: user experience (UX); performance; and security.

If there’s one thing more guaranteed to start a fight than religion or politics, it’s a discussion on which programming language or framework is best. It seems that the strongest negative reaction to the Mac EAP is that the user interface is being drawn using Electron, rather than Mac native libraries. Accordingly, some parts of the application no longer have a “proper Mac UX feel”. Note 1P8 is not wholly Electron: the core services are now all written in Rust.

Complaining about poor performance or bugs in an EAP is a bit like complaining that water is wet. This is beta code. It’s unfinished, unpolished, and likely contains a ton of diagnostic and debug code that will be removed from the final product. The whole point of an EAP or public beta is to find these problems!

Do I really care about less-than-perfect UX or performance? I care a little: I use 1Password because it’s a premium product that does its thing excellently, but ultimately I care about security. After all, 1Password is where I put all my credentials, so I need to know that they are safe.

When AgileBits introduced their cloud service, I was concerned: previously my passwords had never left my Mac (except when used). This of course was the start of the migration to subscription based software as a service (SaaS). 1P8 finally removes support for local-only password vaults, and moves to subscription only. 

Having an available-everywhere cloud vault vastly reduces the occurrence of copy-and-paste errors, writing or transmitting credentials through insecure channels, or using low-security “easy to remember” passwords. Our net benefit is better security and simplified operations.

AgileBits have a long track record of listening carefully to their customer base. They are better than most companies at saying sorry when it’s appropriate, but they also understand strategic direction and market imperatives, and they are resolute when they need to be. Will I be installing 1P8? Not until it’s ready. Until then, I’ll keep using, and recommending, the excellent 1Password 7!