The "containerized web app" is not a correct description here. 1Password 8 on macOS, Windows, and Linux is a full-fledged desktop app. It is built in Rust with Electron/React providing the UI. It can work completely offline and does not require a network connection.
1Password 8 has greatly improved security architecture compared to the previous versions. Just one example of many: when rendering the item details, the Rust core would not send the password value to the UI layer until the user clicks "Copy" or "Reveal" password.
In addition to that, 1Password 8 has better integration with the operating system than any other version in the past — Touch ID, Windows Hello, Secure Enclave, macOS Accessibility services, etc, etc.
Electron providing the UI is exactly what most people are referring to when they say "containerized web app", only because this paradigm of split backend for Electron apps is less common.
1Password NEVER had lifetime licenses. We made this decision since day one because we had a product before that died because it was a "lifetime" purchase. The 1Password license is valid for the major version of the app. The license purchased would still work with that version today. If you look at the release history of 1Password apps — every version had a ton of updates made long after the app was no longer on sale. For example, 1Password 7 was updated just a month ago: https://app-updates.agilebits.com/product_history/OPM7
The licenses are also confusing — people had to purchase apps separately for every platform: macOS, Windows, iOS, Android. And then they had to purchase upgrades separately as well.
I have no interest in those things, they're good examples of what I don't want in my password manager.
Sorry, I don't mean to sound like an ass, they look like very well put together features. They just remind me of when Dropbox decided to start offering document editing. Not what I go there for.
Fair enough, everyone has their own requirements. I'd argue that all modern operating systems have password management already built-in.
We have a lot of 1Password customers with families and team members that require more than a single vault, need an option to recover team/family member access and often have to securely share data with other people, accountants and lawyers. Also, many developers and admins want to keep their SSH keys safe.
I refuse to use a cloud-based password manager, they will all be hacked eventually. I will continue to use and pay for the standalone 1Password as long as possible, and then be forced to self-host vaultwarden.
One of the tests we recently added to 1Password is the "Moby Dick Workout" for secure notes with Markdown rendering. Would love you to compare 1Password and Bitwarden:
Intellectual property is important and making everything open source would allow our competitors to easily copy it or at least get an idea how to improve their products. It is hard to seriously compare the features, the security design, and the UX of Bitwarden to 1Password — it is not close. Just a few examples: being able to edit your data while offline, the ability to have large notes with Markdown formatting (aka "Moby Dick Workout"), support for large datasets (more than 100,000 items).
1Password has been in business for 17 years, longer than any other password manager. It is very difficult to have a long term business model built completely on open source.
I never said open source was to be the foundation. In fact, I never talked about open source at all. All I'm referring to is source availability.
As I said earlier I'm not going to complain that you won't use a free license such as MIT or AGPL or whatever else. The real issue is just the sources being publicly auditable. Are you worried about your competitors copying your non-copyrightable material? Ideas?
While there would still be an issue, I would be a bit less harsh on the policy if at least the clients were source-available. Transparency is security.
> It is hard to seriously compare the features, the security design, and the UX of Bitwarden to 1Password — it is not close.
How does Bitwarden not come close in security? All I can come up with is the secret key requirement. Is that all? If anything Bitwarden feels more secure because of its transparency. You can see the developers working live, each commit they make.
The client source code is where most of the IP is. The server code is pretty dumb on its own, all it does is the sync and permissions.
One of the issues with Bitwarden encryption is the fact that every field is encrypted separately and that could provide more info to the attacker. For example, you could tell how many URLs are in a particular login or if there is a note for an item and how long it is.
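The metadata exposure described in the comment above, modelled as an added example (not code from either product or from the commenter). It assumes AES-CBC with PKCS#7 padding, empty fields stored as null, and a hypothetical 1 KiB padding bucket for the whole-item variant; only ciphertext lengths are modelled and the sample items are constructed.

```python
import json

BLOCK = 16  # AES block size in bytes (assumption: CBC mode, PKCS#7 padding)

def cbc_len(plaintext: bytes) -> int:
    """Ciphertext length under PKCS#7: always rounds up to the next full block."""
    return (len(plaintext) // BLOCK + 1) * BLOCK

def store_per_field(item: dict) -> dict:
    """Model a record in which every field is encrypted separately.
    Only ciphertext lengths are kept: that is all a holder of the record sees."""
    return {
        "username": cbc_len(item["username"].encode()),
        "password": cbc_len(item["password"].encode()),
        "uris": [cbc_len(u.encode()) for u in item["uris"]],
        # Assumption: an empty field is stored as null, not as a ciphertext.
        "notes": cbc_len(item["notes"].encode()) if item["notes"] else None,
    }

def store_whole_item(item: dict, bucket: int = 1024) -> int:
    """Model a record serialized, zero-padded to a size bucket, encrypted once."""
    raw = json.dumps(item).encode()
    padded = raw + b"\0" * (-len(raw) % bucket)
    return cbc_len(padded)

def infer_from_per_field(record: dict) -> dict:
    """Structure that is readable from the per-field record without any key."""
    note = record["notes"]
    return {
        "uri_count": len(record["uris"]),
        "has_note": note is not None,
        # Plaintext length is pinned to one 16-byte window.
        "note_len_range": (note - BLOCK, note - 1) if note else None,
    }

# Constructed sample items.
ITEM_A = {"username": "alice@example.com", "password": "correct horse battery staple",
          "uris": ["https://example.com/login", "https://sso.example.com"],
          "notes": "Recovery codes are in the safe."}
ITEM_B = {"username": "bob@example.com", "password": "hunter2",
          "uris": ["https://example.org"], "notes": ""}

if __name__ == "__main__":
    for name, item in (("A", ITEM_A), ("B", ITEM_B)):
        print(name, "per-field:", infer_from_per_field(store_per_field(item)))
        print(name, "whole-item size:", store_whole_item(item))
```

With per-field storage the two records differ visibly in URL count and note presence; with the padded whole-item model both are the same size and expose only the bucket.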
Noted, thank you. So why not source-available? I assumed you already published the non-copyrightable ideas in your public whitepaper. Is there a concern that even if the sources are made available under a "look but don't touch" basis (essentially all rights reserved) competitors would still gain an advantage by copying the non-copyrightable stuff like processes or ideas? (that are already public through the whitepapers and could reasonably still be obtained via reverse-engineering of the client binaries)
My friend and I started it as a side job, working nights and weekends. We also downsized and cut all our expenses to about $1,000/month (mortgages were smaller back in 2005).
We quit our full-time jobs when 1Password revenues were close to $80,000/year.
You mean 1password.com?! That's amazing, great work. Huge Canadian success story [1]. You're definitely underselling the achievement here but guess it's funny to look back and were probably super excited about that first 80k. I imagine there is probably a book's worth of war stories about this.
This is a good point - reading up on FIRE https://en.wikipedia.org/wiki/FIRE_movement can be useful - perhaps with some intelligent allocation of resources and time you can start bootstrapping today and five years later have the mortgage payment eliminated.
And if you're serious about doing a startup, do consider moving to an area that will have what you need but is cheaper.
I'm working on downsizing and reducing expenses. I'll have repaid a credit fully next year, that allows me to increase savings etc. Slowly those things come together.
Also trying to create small side hustles, bootstrap them, hope that something sticks and try to scale that up till I can quit the corporate job and focus on things I'd love to do.
It's probably a longer journey than expected if you've got no money advantage.
A full rewrite takes a lot of time. We did this twice in the past and it is always painful. We had to do it again this time because the discrepancies between the platforms became ridiculous and we had to fix this. For example, the same search would produce different results on Mac and Windows and Android.
We also took time to address some of the pain points that existed in 1Password 7. For example, it was technically possible to have a different Master Password on your Mac and iPhone, etc.
The local database was rewritten and we made sure that everything that is possible is fully encrypted. For example, all rich icons are now stored encrypted. We also changed the logging system to make sure no personal information is ever logged. At the same time, we had to make sure the data format is backwards compatible with the old version so that both 1Password 8 and 1Password 7 can be used during the transition.
We ran over 100 studies with both existing users and people who never tried 1Password before to make sure the apps are more usable by everyone.
For new users we added a New Item experience that made it easier to navigate through templates and understand how to use 1Password. For developers, we added CLI integration, support for SSH keys, and a built-in SSH agent that secures your SSH private keys.
Brand new Linux app, more than 100 new features and improvements overall, on top of the full rewrite.
I'm a fan (been using it for 10yrs I think?) and think the HN sentiment around it is not representative (it's the only app I'd actually recommend to people and that I trust my family can use).
The family vault features are really great and I was glad to see the browser dropped (I didn't really get why it existed).
I do miss some native features (like the iOS letter column on the right that made it very fast to find something in the list), but generally get that there are tradeoffs to be made.
> I do miss some native features (like the iOS letter column on the right that made it very fast to find something in the list), but generally get that there are tradeoffs to be made.
You are not the only one who missed this feature and it is coming back soon. It wasn't available in SwiftUI and we had to go back to UIKit to implement it.
from the founder of 1Password: would love to learn where you think it is worse.
1Password 8 has a ton of new features and it is faster than the previous version. Some of the new features like Universal Autofill and SSH Agent do not exist in any other product. It also fixes many problems that accumulated in the app over the years.
Not the person you commented to, but I think the only real loss was 1Password Mini. There is the alternate ‘search bar’ mini app which is a decent replacement, I wish that was the one that pops up by default (like used to be with Mini).
You guys make a great product otherwise. It’s the only one where I strongly recommend it over the open source alternative (Bitwarden) even though I have a strong open source bias. There’s just a 1000 things in UI and UX that you guys do slightly better than the competition, sort of an inverse death by a thousand cuts.
I see it from a different perspective. There are not that many real native Mac apps that both look and feel great. You could probably count them all on your hands.
Also, I certainly understand being the long-time Mac expert. However, when we tested 1Password with new customers we found a ton of usability issues and many of these problems are solved in 1Password 8. One example, most new users couldn't even figure out how to create new items right away because of the look and the location of "New Item" button in the old app.
1Password 8 has greatly improved security architecture compared to the previous versions. Just one example of many: when rendering the item details, the Rust core would not send the password value to the UI layer until the user clicks "Copy" or "Reveal" password.
In addition to that, 1Password 8 has better integration with the operating system than any other version in the past — Touch ID, Windows Hello, Secure Enclave, macOS Accessibility services, etc, etc.