I tried to switch from KeePass2 the other day, but 1Password feels just not polished enough. Now I want to share my journey with you.
Issue number 1#
Importing itself was a huge mess, since there is no official importer for KeePass and recreating over 400 credentials wasn't my the preferred solution. I finally found a community tool which is apparently approved and promoted by the 1Password staff and I gave it a try. Just to find out it works very poorly and doesn't even match fields correctly.
What do I mean by that?
Well, KeePass allows to specify additional Information to login-entries pretty much like the label-field pairs in 1Password, but instead of creating the same pairs in 1Password, all the fields get merged together and pasted into the 'notes' field. I now would need to go through every single entry and split the text back up. Hell no, not going to happen.
Issue number 2#
The next thing which did not work were files. While KeePass can have files as attachments to login-entries (licenses, certificates, ssh-keys, documentations, etc) 1Password can not. So the importer did separate the files from the entries and simply did not import them at all. I would now have to upload every single file to its own entry and link it to the corresponding login entry by hand.
For example: in Keepass I got a single entry for each one of my servers which did contain some basic information like ip, hostname, user, password and additionally as attachments the certificates of the web server, the private and public ssh key which are used to connect to it, a short documentation of what is running on it and additional credentials for ftp, ssh key and other services depending on the server.
After the import to 1Password the files were missing and the additional passwords were (like all other extra information) pasted to the 'notes' field in plain text. I did clean this up and added the files back in. Now I ended up with more than 6 separate entries for the same server instead of just 1, where all is nicely tied together.
Issue number 3#
Needless to say I wanted to group them somehow. This is possible, but stupidly overcomplicated in my opinion. I did some research and noticed there is an option to select 'related entries'. But it was not available in my UI. Eventually I realized the desktop app, the browser extension and the website all offer a different feature set, which will be elaborated in Issue4#. Back to the grouping feature. I finally got the app and could now select related entries and was hoping to select a bunch of entries to just 'group' them, but that was not the case. I can only link them one by one. Luckily the link is bidirectional, so I 'only' needed to edit 5 of them and select not yet linked ones. Which is a total of 14 times searching and selecting the right entry. Oh boy. There are groups with way more than 6 entries. There must be a better approach, right?
Thank god, there is: 'tags'. They are basically folders and can be nested like 'folder/subfolder' and on top a single entry can be in multiple 'folders'/tags. Honestly, an uncommon design choice, but a good one. But there is still room for improvements:
Issue number 4#
All the different apps support a different level of each feature. While the browser extension is the easiest to use, it is also the one with the least features. No way to use the great tag feature, no edit, no managing entries and a little clunky to switch vaults. Fortunately it will open the website and log in when prompted to edit an entry. The website does allow for most features, as far as I can tell, but feels less intuitive to use, than the desktop app. However, it does not allow for autocompletion on the tags/'folders' so you really have to know and retype them every time. Also, as stated above, the 'link related entry' option is solely available on the app. This app is quite good to use and for now the only thing I could not accomplish with it yet, is adding a new vault, which is fine, since you won't do that very often anyway. Overall every app looks different, buttons are on different locations, are named differently. It just not feels like a consistent experience, but rather a patchwork project.
Issue number 5#
Since online banking is a thing everywhere, you want to make this extra safe. Usually this is done by OTPs or TAN lists. KeePass allowed me to create a special entry for that, where you could store any amount of OTPs with a label (usually a consecutive number). Once you copied one of them, the entry was visually marked as 'used' or 'expired' automatically. You could easily tell how many are left and request a new list before you run out. While I use iTan on my mobile device now, which works similar to a security token, I still have a list of those OTPs around, just in case. Long story short, I can't get this list into 1Password nicely. I don't want to have 100 OTPs as single entries floating between all the other logins, nor giving them up completely. I mean there is a special dedicated object for outdoor licenses, reward programs and memberships, but not for OTP lists? Don't know. This just feels awkward.
Issue number 6#
I started a family account to share some logins like (Netflix, router, alarm system, pc users, etc) and the ongoing journey of clunky workflows and UI continues. Let me elaborate a bit more. I bet everyone got some common passwords they usually use during initial setup of devices or when they quickly need to set one and change it later. If I now want to share an entry with such a temporary password, I would set a proper one and share it to the family vault, right? Not quite. Everyone in this vault can see the complete password history and therefore some of my personal quick passwords. In my opinion, this is quite a security issue and there is no option to quickly clear the password history. I searched the forums and I'm not alone with this. The advised 'solution' is to duplicate the entry, then delete the old one and empty the trash, since duplicating an entry does not duplicate the history. This feel like bad design for a security application. There are so many ways to get around this, with the easiest being a simple button to clear history. Or having a checkbox in the entries to disable history for it. Or track the original owner of the entry and only allow them to see history. Everything would be better than 'before sharing you need to duplicate it and delete the old one'. Later I noticed in the sharing menu an option to copy the entry to a vault instead of moving it there, so I thought I could be smart and do it this way, so I just duplicate it to the vault directly and delete the old one on my side. Nope. Especially this option DOES copy the history too.
Please, please, please, guys and girls, make things consistent. Why does the normal copy clear the history but the copy&share does not? I could see why normal copy would not clear history, but copy&share would. But not the other way round, like it currently is.
Issue number 7# (rather inconvenience 1#)
Sometimes a website forces you to make an account, to simply view content, or download something. Usually you don't trust everyone on the internet, so you use your most unsafe trash password and provide fake information and a one time email. But just in case you have to ever log in again, you keep it somewhere. They all share the same password and I couldn't care less about it. Unsurprisingly some of them are compromised and I would like to just disable Watchtower and the 'You used this password multiple times!' warning for certain entries. I know I could log in and set a new password and so on to please the mighty watchtower, but there is no real benefit for me by doing so on this probably abandoned accounts. Can't get me to delete them neither.
Issue number 8#
Most of the problems I encountered are already listed in the forums and often since multiple years and the thread is filled with people who struggle with the same thing. Sadly everything that follows is a random staff member posting the same answer (often even with the exact same wording) in every single thread. The answer is usually 'We can see your point. We will discuss it.' or 'Voted this up in our issue tracker and the developers will be informed.' Sadly, if you scroll further, you can see the years go on, but nothing is changing. This feels like they don't care about the customers and just want them to shut up. Maybe this will happen to this thread as well, but at least I tried to bring this up and make a change.
I really want to adapt myself to this app and start loving it, since the core concept is quite nice. But all the things above add up and make me feel uncomfortable. I hope people find this before they try to switch, so they at least know where this is going. Feel free to reply and ask
If anything changes, I'll try to come back here and update it!
So long, Sebi.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided