Tried to switch to 1Password, but it just feels clunky.

edited September 25 in Lounge

I tried to switch from KeePass2 the other day, but 1Password feels just not polished enough. Now I want to share my journey with you.

Issue number 1#
Importing itself was a huge mess, since there is no official importer for KeePass and recreating over 400 credentials wasn't my the preferred solution. I finally found a community tool which is apparently approved and promoted by the 1Password staff and I gave it a try. Just to find out it works very poorly and doesn't even match fields correctly.
What do I mean by that?
Well, KeePass allows to specify additional Information to login-entries pretty much like the label-field pairs in 1Password, but instead of creating the same pairs in 1Password, all the fields get merged together and pasted into the 'notes' field. I now would need to go through every single entry and split the text back up. Hell no, not going to happen.

Issue number 2#
The next thing which did not work were files. While KeePass can have files as attachments to login-entries (licenses, certificates, ssh-keys, documentations, etc) 1Password can not. So the importer did separate the files from the entries and simply did not import them at all. I would now have to upload every single file to its own entry and link it to the corresponding login entry by hand.

For example: in Keepass I got a single entry for each one of my servers which did contain some basic information like ip, hostname, user, password and additionally as attachments the certificates of the web server, the private and public ssh key which are used to connect to it, a short documentation of what is running on it and additional credentials for ftp, ssh key and other services depending on the server.
After the import to 1Password the files were missing and the additional passwords were (like all other extra information) pasted to the 'notes' field in plain text. I did clean this up and added the files back in. Now I ended up with more than 6 separate entries for the same server instead of just 1, where all is nicely tied together.

Issue number 3#
Needless to say I wanted to group them somehow. This is possible, but stupidly overcomplicated in my opinion. I did some research and noticed there is an option to select 'related entries'. But it was not available in my UI. Eventually I realized the desktop app, the browser extension and the website all offer a different feature set, which will be elaborated in Issue4#. Back to the grouping feature. I finally got the app and could now select related entries and was hoping to select a bunch of entries to just 'group' them, but that was not the case. I can only link them one by one. Luckily the link is bidirectional, so I 'only' needed to edit 5 of them and select not yet linked ones. Which is a total of 14 times searching and selecting the right entry. Oh boy. There are groups with way more than 6 entries. There must be a better approach, right?
Thank god, there is: 'tags'. They are basically folders and can be nested like 'folder/subfolder' and on top a single entry can be in multiple 'folders'/tags. Honestly, an uncommon design choice, but a good one. But there is still room for improvements:

Issue number 4#
All the different apps support a different level of each feature. While the browser extension is the easiest to use, it is also the one with the least features. No way to use the great tag feature, no edit, no managing entries and a little clunky to switch vaults. Fortunately it will open the website and log in when prompted to edit an entry. The website does allow for most features, as far as I can tell, but feels less intuitive to use, than the desktop app. However, it does not allow for autocompletion on the tags/'folders' so you really have to know and retype them every time. Also, as stated above, the 'link related entry' option is solely available on the app. This app is quite good to use and for now the only thing I could not accomplish with it yet, is adding a new vault, which is fine, since you won't do that very often anyway. Overall every app looks different, buttons are on different locations, are named differently. It just not feels like a consistent experience, but rather a patchwork project.

Issue number 5#
Since online banking is a thing everywhere, you want to make this extra safe. Usually this is done by OTPs or TAN lists. KeePass allowed me to create a special entry for that, where you could store any amount of OTPs with a label (usually a consecutive number). Once you copied one of them, the entry was visually marked as 'used' or 'expired' automatically. You could easily tell how many are left and request a new list before you run out. While I use iTan on my mobile device now, which works similar to a security token, I still have a list of those OTPs around, just in case. Long story short, I can't get this list into 1Password nicely. I don't want to have 100 OTPs as single entries floating between all the other logins, nor giving them up completely. I mean there is a special dedicated object for outdoor licenses, reward programs and memberships, but not for OTP lists? Don't know. This just feels awkward.

Issue number 6#
I started a family account to share some logins like (Netflix, router, alarm system, pc users, etc) and the ongoing journey of clunky workflows and UI continues. Let me elaborate a bit more. I bet everyone got some common passwords they usually use during initial setup of devices or when they quickly need to set one and change it later. If I now want to share an entry with such a temporary password, I would set a proper one and share it to the family vault, right? Not quite. Everyone in this vault can see the complete password history and therefore some of my personal quick passwords. In my opinion, this is quite a security issue and there is no option to quickly clear the password history. I searched the forums and I'm not alone with this. The advised 'solution' is to duplicate the entry, then delete the old one and empty the trash, since duplicating an entry does not duplicate the history. This feel like bad design for a security application. There are so many ways to get around this, with the easiest being a simple button to clear history. Or having a checkbox in the entries to disable history for it. Or track the original owner of the entry and only allow them to see history. Everything would be better than 'before sharing you need to duplicate it and delete the old one'. Later I noticed in the sharing menu an option to copy the entry to a vault instead of moving it there, so I thought I could be smart and do it this way, so I just duplicate it to the vault directly and delete the old one on my side. Nope. Especially this option DOES copy the history too.
Please, please, please, guys and girls, make things consistent. Why does the normal copy clear the history but the copy&share does not? I could see why normal copy would not clear history, but copy&share would. But not the other way round, like it currently is.

Issue number 7# (rather inconvenience 1#)
Sometimes a website forces you to make an account, to simply view content, or download something. Usually you don't trust everyone on the internet, so you use your most unsafe trash password and provide fake information and a one time email. But just in case you have to ever log in again, you keep it somewhere. They all share the same password and I couldn't care less about it. Unsurprisingly some of them are compromised and I would like to just disable Watchtower and the 'You used this password multiple times!' warning for certain entries. I know I could log in and set a new password and so on to please the mighty watchtower, but there is no real benefit for me by doing so on this probably abandoned accounts. Can't get me to delete them neither.

Issue number 8#
Most of the problems I encountered are already listed in the forums and often since multiple years and the thread is filled with people who struggle with the same thing. Sadly everything that follows is a random staff member posting the same answer (often even with the exact same wording) in every single thread. The answer is usually 'We can see your point. We will discuss it.' or 'Voted this up in our issue tracker and the developers will be informed.' Sadly, if you scroll further, you can see the years go on, but nothing is changing. This feels like they don't care about the customers and just want them to shut up. Maybe this will happen to this thread as well, but at least I tried to bring this up and make a change.


ps

I really want to adapt myself to this app and start loving it, since the core concept is quite nice. But all the things above add up and make me feel uncomfortable. I hope people find this before they try to switch, so they at least know where this is going. Feel free to reply and ask :)
If anything changes, I'll try to come back here and update it!

So long, Sebi.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi Sebi,

    Wow! Thank you for the incredibly comprehensive feedback here. I'm sorry your experience transitioning to 1Password was not what you and we would've hoped it would be. I can understand how frustrating it can be to read through threads where you're experiencing the same problem only to find that the issue has been outstanding for some time. I think if you take a look at our release notes though you'll be able to see we are listening to feedback from customers and are always working toward bettering the software. As an example, in 1Password 7.6 for Mac alone, there were 15 different improvements and 33 different bug fixes. Many of these came to us as requests or reports from customers. Is there still room for improvement? Still things that people have brought to our attention that we'd like to fix but haven't found either the bandwidth, the right approach, and/or the ability to push it to the top of the list? Absolutely. One thing that we're hoping will help here, at least in terms of consistency between the apps, is that for the next generation we'll be moving to a shared core for the backend. This should also mean faster development cycles as the backend will only need to be written once, instead of once for each app.

    Again I apologize that things did not work in your case. We appreciate the time you took to detail the various pitfalls you ran into. :+1:

    Ben

  • Hi Ben,

    Thanks for the reply. Yes, I saw the quite stable release cycle and I appreciate it more than you might think. And don't get me wrong: I will go on with this journey and will further migrate to 1Password, since I feel like it is the right choice to move all this to a secure cloud, which is not google and specialized for sensitive data. Also, I already know quite a few people, who are pleased by it. The pricing is reasonable and despite all the things I ran into, there is a lot I really like. For example the platform independent apps: no matter what you use, 1Password got you covered. Autofill forms with numerous identities. Seamless integration to almost any form field, but also usable outside a browser. Hell yes.
    Each app got its own backend? Well, this explains a lot. I'm glad to hear you took this huge step to unify it and I'm certain it will pay off.

    Sebi

  • BenBen AWS Team

    Team Member

    Each app got its own backend? Well, this explains a lot. I'm glad to hear you took this huge step to unify it and I'm certain it will pay off.

    Indeed. Currently each app has its own team of developers that implement both the frontend and the backend for the app on their platform. This gives us a lot of flexibility in terms of platform specific features and the like, but we're hoping we'll be able to get the best of both worlds with the new core.

    Thanks for the reply. Yes, I saw the quite stable release cycle and I appreciate it more than you might think.

    Thanks for the kind words!

    And don't get me wrong: I will go on with this journey and will further migrate to 1Password, since I feel like it is the right choice to move all this to a secure cloud, which is not google and specialized for sensitive data. Also, I already know quite a few people, who are pleased by it. The pricing is reasonable and despite all the things I ran into, there is a lot I really like. For example the platform independent apps: no matter what you use, 1Password got you covered. Autofill forms with numerous identities. Seamless integration to almost any form field, but also usable outside a browser. Hell yes.

    Gotcha. Thanks so much! I hope we're able to better address the concerns you do have as we move forward. :)

    Ben

  • MrCMrC Community Moderator
    edited September 27

    @InflamedSebi

    I gave it a try. Just to find out it works very poorly and doesn't even match fields correctly.
    What do I mean by that?
    Well, KeePass allows to specify additional Information to login-entries pretty much like the label-field pairs in 1Password, but instead of creating the same pairs in 1Password, all the fields get merged together and pasted into the 'notes' field. I now would need to go through every single entry and split the text back up. Hell no, not going to happen

    The keepass2 converter can be configured to do what you need. Keepass2 is essentially a login fill program, that also allows arbitrary user-defined key/value pairs. But this data is meaningless to anyone but you, the person who defined it. So, the best an automated tool can do is use heuristics and pattern matching to guess at the meaning of your data. And over time, I’ve added patterns based empirically, and from user requests. If you want better data placement, feel free to ask in a separate thread and I’d be happy to help.

  • edited September 27

    Hey @MrC,
    I did too much cleaning up already, to do another import.
    But if KeePass does support custom key-value pairs in entries and 1Password does too, I was expecting the converter to bring them over the way 1Password wants them to be.
    For example if there were 2 pairs "groceries" <-> "corn, milk, soap" and "phase of moon" <-> "not quite full yet", you don't have to use heuristics or any other method to analyse the data itself. Just recreate them the way that 1Password would use key-value pairs.
    see this:
    https://imgur.com/a/PeQS1xD
    the upper is what I was hoping to see in 1password and the lower is what i got.
    Changing the field type to password or something by hand afterwards, is not a problem if they were kv-pair already, but if you have to split them up again, this is quite some work.
    I know maintaining so much plugins is not an easy task and you probably spent a lot of time to create them.
    Sadly it failed for a very common use case in my point of view.
    The converter did work to some degree, so I don't have to take all my entries over by hand, but the cleanup was way bigger then expected.

    Sebi

  • MrCMrC Community Moderator

    @InflamedSebi

    You just have to use the --addfields option to get that behavior.

  • @MrC
    :'( Dang. So it's just my fault for not reading documentation good enough. Really sorry then. Maybe you would consider changing this flag to --noaddfields and default to adding them. Can't think of a reason why you would not want to add them.

  • MrCMrC Community Moderator
    edited September 27

    Dang. So it's just my fault for not reading documentation good enough

    No problem - there's a lot to digest, and we're all busy, or anxious to just get the task done and get on with life.

    Maybe you would consider changing this flag to --noaddfields and default to adding them. Can't think of a reason why you would not want to add them.

    Some password managers have many extraneous fields, and some users add a large number of their own. And then users want to create their own Sections, in a particular order, and place their fields in order within a Section. Since 1Password does not yet allow re-ordering of sections, or movement of Fields from one Section to another, it is more tedious for users to add, delete, re-add their Field/Value pairs then it is to copy / paste from the Notes area.

    Once 1Password provides the capabilities above, I'll enable the option by default.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file