I am not happy that 1Password 8 is now electron-based applications. Will you continue to support 7?

John Malinowski

More and more apps are changing to this format. As I understand it, any app that uses this form of development essentially require it's own version of Chrome to run. Currently as an example, Slack, GitHub, 1Password, and the Chrome browser will each be running a version of the Chrome browser. To make matters worse it seems that if you use more than one browser you will be running a chrome version of 1Password for each open browser.

I see the benefit to developers, I do not see the benefit to me as a user. I have been a 1Password user since version 2. I paid for many upgrades and now for the subscription (wasn't happy). I can tell you I am by no means the only user who is concerned about electron-based applications.

In addition, I reached out recently with a problem where !P wouldn't work in Safari. The fix was very easy... finding proved a great deal more difficult. My email to support was NEVER answered!

I did upgrade to 8 and did not care for it at all. It required me to log into the app many times as each entity is run like a separate app. 1P 7 is a much more user-friendly app. I downgrade after 2 weeks back to 7. I am very disappointed in the new format of apps. This is the first time I am considering switching away from 1P. To me, it feels like the Mac software I fell in love with is gone. I really hope you reconsider this development model and go back to creating real Mac applications. 1Password 8 feels like a poor knock-off of what was once my favorite application.

Dave_1P

Hello @John Malinowski! 👋

I'm sorry to hear that you had a rocky start with 1Password 8, it's certainly not the experience that we aim to provide and I'd love to learn more so that we can make 1Password 8 even better in the future. With the launch of 1Password 8 for Mac, 1Password 7 for Mac is no longer supported and will only receive important security updates. I strongly encourage you to use 1Password 8 moving forward.

As I understand it, any app that uses this form of development essentially require it's own version of Chrome to run. Currently as an example, Slack, GitHub, 1Password, and the Chrome browser will each be running a version of the Chrome browser. To make matters worse it seems that if you use more than one browser you will be running a chrome version of 1Password for each open browser.

Electron uses a special version of Chromium (not Chrome) and you're not running another instance of Chrome when you run an app like 1Password 8. It might be more accurate to say that both Chrome and Electron use Chromium and modify it based on specific requirements. And, while Electron is used to provide the user interface elements of 1Password 8, the real work is being done by code written in Rust which is well-known for its performance advantages.

I see the benefit to developers, I do not see the benefit to me as a user.

Electron is a tool that our developers use to build the app and for most end users there is little difference whether an app uses Electron or another framework like SwiftUI. Any tool or framework can be used to create all sorts of experiences both good and bad. What matters is how the tool is used and I think that we've done something really great with 1Password 8. Off the top of my head there are two immediate benefits to the end user:

1. The 1Password desktop experience is now the same regardless of whether you're using a Mac, Windows PC, or Linux. This means that a user who has multiple devices will see the same 1Password regardless of the device that they're currently using.
2. Since 1Password 8 uses a unified core (rather than a completely separate app for each platform) this means that we have more developer eyes on the unified code to catch bugs and correct issues rather than separate teams writing separate apps for different types of devices. It also means that bugs are corrected quicker and new features are released sooner since we don't have reinvent the wheel for each platform.

In addition, I reached out recently with a problem where !P wouldn't work in Safari. The fix was very easy... finding proved a great deal more difficult. My email to support was NEVER answered!

I'm really sorry that you didn't receive a response. We respond to all emails so something must have gone wrong. Did you directly email support@1Password.com? Have you checked your Spam/Junk folder to see if a reply was mistakenly filtered there?

I did upgrade to 8 and did not care for it at all. It required me to log into the app many times as each entity is run like a separate app.

That doesn't sound right. Were you prompted for your account password each time that you opened the main 1Password app or when you tried to fill a login into the browser?

I look forward to hearing from you. 🙂

sean-

Yikes! This is awful. +1 to the non-Electron app. Electron is the thing I loathe the most about Slack. Seeing 1Password go down the same route is a sadness. The loss of functionality, increased security surface area, awful performance, ... ugh. I just can't wrap my head around how bad this is, both technically and for the product as a whole. Suddenly, Apple Keychain doesn't seem so bad, and that's saying something because Keychain is the new "Apple Maps Bad" (Apple Maps has improved dramatically, thankfully).

Dave_1P

@sean-

Thank you for the feedback! If you haven't already then I recommend giving 1Password 8 a try, I think that you'll be pleasantly surprised. I've been running 1Password 8 on both my work and personal Macs for longer than a year now and I've never seen any performance issues. If you do give 1Password 8 a try then let me know what you think.

The loss of functionality

Can you clarify what you mean by loss of functionality? 1Password 8 is more deeply integrated with macOS than 1Password 7 ever was with new features like Universal Autofill: Use Universal Autofill in apps and browsers on your Mac

increased security surface area

Security is something that we carefully considered and 1Password 8 has our latest and most sophisticated security features. The development process of 1Password 8 allowed us to create and even contribute an Electron hardener back to the open-source community: https://github.com/1Password/electron-hardener

I look forward to hearing from you. 🙂

sean-

@Dave_1P : I'm using 1Password8 now and loathe it, thanks for asking, however! I was already surprised by the above, which is why I sought out this post and commented. Just to make sure we're on the same page, every 1Password8 customer is currently burning a quarter of a GB of RAM to store encrypted passwords... am I understanding that right?

$ ps auxwww|grep -i '[1]password' | awk 'BEGIN{s=0}{print s+=$6}END{printf "total MB: %d\n", s/1000}'
38944
56208
77360
196048
258544
325888
340960
total MB: 340

re: Loss of Functionality:

Mac App Store, supply chain management, and local Vaults, never mind the grotesque UI (I'm sure I'll capitulate to the new aesthetic at some point, but to be clear, this is not a step forward). And Vault Collections? Kinda novel. Tags are probably a better way to organize data at this point in time.

Re: contributions back to Electron:

So you're saying Electron wasn't secure to begin with, and 1Password is pioneering in its use of Electron in a security context and is putting faith in an embedded web browser using V8 that can run nearly arbitrary code if injected because there's a belief that it's somehow a better sandbox than macOS native code? Did I understand that right? If so, that's chilling and feels like 1P has jumped the shark now.

Do you know what's scarier? The implication that 1Password8 is considered "secure" whereas 1Pv7 was not. Or that 1Pv8 is admittedly less secure than 1Pv7 and that 1Pv8 is the preferred path forward because developer convenience is being prioritized over the singular and core objective of 1Password, which is the secure handling and distribution of passwords (literally this software's _one_ job is to distribute and update ciphered text between laptops and phones securely... that's it).

I was, however, delighted to see that I was not alone in my disgust of this turn of events. I'm looking forward to a 1Pv9 that's back on Swift or something less horrific. Pretty please. Until then, please don't deprecate 1Pv7 until 1Pv9 in Swift comes out.

• https://appleinsider.com/articles/21/08/16/users-lobby-1password-to-abandon-new-electron-version
• https://www.cultofmac.com/749946/1password-upsets-fans/
• https://www.macrumors.com/2022/05/03/1password-8-for-mac-released/
• https://www.reddit.com/r/1Password/comments/p2k261/electron_really/
• https://markellisreviews.com/the-1password-disaster-and-two-brilliant-1password-alternatives/

It's a shame an agreement wasn't able to be had between Apple and Agile Bits to prevent this travesty. Is the state of local UX development so dire that we have to rely on web developers to write native desktop applications now? :(

Dave_1P

@sean-

Thank you for the detailed reply. 1Password 8 will, like other Mac apps, use the memory that macOS makes available to it as needed. How much memory 1Password 8 uses depends on how many items you have saved in the app as well as whether the app is locked or unlocked at the time. 340MB doesn't seem out of the ordinary to me, are you experiencing any performance issues in either 1Password 8 or macOS itself?

1Password 8 not being currently available on the Mac App Store, the removal of support for older standalone vaults, and the design of the user interface are not the result of Electron and we would have made the same changes even if the app had been built using SwiftUI or some other tool.

Is there anything in particular that you find off about the new design? I'd love to pass along your specific feedback to our design team. 🙂

Regarding security: 1Password 8 uses Electron only to render the app’s UI. We’ve carefully chosen different approaches for various roles in the new app’s code, based on the strength of each individual technology. Everything that has to do with vault data, sync, and encryption is handled securely by the Rust brains under the hood.

Rust is a systems language known for its performance, security, and memory safety. We use Rust for 1Password Core, which powers every 1Password 8 app, across all platforms. We took that secure Rust backend and paired it with the 1Password interface using Electron, a framework that allows us to quickly ship features and focus on design details that are unique to macOS, iOS, Windows, Linux, and Android.

If you're interested in reading more about the unique architecture that we've developed for 1Password 8 then our founder Dave wrote an excellent blog here: Behind the scenes of 1Password for Linux | by Dave Teare | Medium (Although the blog's title mentions Linux, the same architecture applies on the Mac.)

Supply chain management has actually been made easier in some respects due to 1Password's new common Core. We used to have different third party dependencies for 1Password on Android than we did on Windows then we did on Mac, etc. And individual, and sometimes almost siloed, teams would be responsible for building a separate 1Password app for each platform. By moving to a Core that is shared across all platforms, and interfacing our development teams, we have more eyes on the code that we use making 1Password 8 more secure than its predecessors in this respect. We also have mechanisms and processes in place to review and vet, as well as track published security warnings for, any dependencies that we use.

The security of user's data is our first priority. We undertake regular independent security audits, which you can read about here: https://support.1password.com/security-assessments/. As a result, we’re confident in our security and have a $1 million bug bounty, the largest BugCrowd program in existence: Strengthening our investment in customer security with a $1 million bug bounty

-Dave

star-affinity

@Dave_1P

”Is there anything in particular that you find off about the new design? I'd love to pass along your specific feedback to our design team. 🙂”

Sorry for jumping in, but one design thing I don't like is the Windows:esque pop-up menus with their truncated, seemingly arbitrary height.

For example here I have many items in the list here and scrolling through them with the truncated menu isn't a nice user experience. In my opinion a menu such as that should be as tall as is needed – even if it would have to stretch to the top and botton of the screen.

GreyM1P

@star-affinity I'll pass this feedback on to the product team – thanks for letting us know! :)

ref: IDEA-I-485

TomasA

Problem is: we now have a non-Mac app that pretends to be Mack. As for the design it feels more like a website built in Joomla. v7 was a Mac app, this is not. It is something else: a website port. And if you include all things that is run when 1Password8 is opened, I get a total of over 600 MB RAM. As an example, mSecure (which I am testing now) used 111. Another example: Amail uses 80 MB. I understand a password manager needs more memory than a mail app, but nevertheless, even IF it would just use 350 MB it is still a lot.
That is my main issue with 1Password right now: It does not feel like a Mac app any loner, and it uses too much resources. So as a Mac app it is in reality dead, we need to live with the thing they present now, or find an alternative. Because out seems to be so much pride invested in the Electron solution that they never will listen to the Mac users and create a real Mac app.

I was beta tester of v8, and used it as my main password manager when the full version was released. I had a lot of problems, and finally I gave up and moved. They sent me a trial period since they claimed the issues were solved. I never got to use that trial though. And I can't really pay a new period for an app I didn't trust then.

Dave_1P

@TomasA

I know that I'm biased but I've been a Mac user for a long time and I love 1Password 8. Features like Universal Autofill, the SSH agent, and better integration with Safari make 1Password feel like a part of macOS like never before.

The amount of memory that 1Password uses on your Mac largely depends on two things:

1. The amount of memory that is available and allocated to 1Password by macOS.
2. The amount, and type, of items that you have saved and open in 1Password.

Are you seeing 1Password 8 encounter any performance issues on your Mac? I've been running 1Password 8 on both my Intel and M1 Macs since the Summer of 2021 and I have yet to encounter any slowdowns or performance hiccups. I would be interested in hearing your experience.

It does not feel like a Mac app any loner

What specifically makes it not feel like a Mac app? You mentioned the design, are there any specific portions of the design or user interface that you'd like to see our designers improve or change?

I had a lot of problems, and finally I gave up and moved.

I'm sorry that you ran into problems the last time that you tried 1Password 8. We've released quite a few updates and changes since the initial release, if you do try it again and run into issues then please let us know. 🙂

-Dave

fxscreamer

Came here to say that after supporting and loving 1Password for over 10 years, I jumped ship to BitWarden... as it suits my needs for what 1Password USED to be. I hung on to 1Password 7 as long as possible until it was glitching on Tag creation (Mac), and crashing on Windows when I edited ANYTHING.

Things that drove me away.

• Eventually charging a subscription (forcing it)
• Disabling the ability to sync databases to a place of our choice (iCloud or Dropbox)
• Getting rid of folders. This is INSANELY needed. I always hated this move.
• Tried 1Password 8 for 5 minutes and realized they DISABLED foldable tags, forcing everything to remain expanded.
• Go ahead and add clunky performance to the list.
• When I wanted to go back to 1Password 7, installing IP 8 had .zipped the old app on my mac. After unzipping it was corrupted. This happened both times I tried 1P 8 (a year apart). Not sure if coincidence or simply sketchy to force me over. I used a Time Machine backup to pull 1P 7 back over.

I use an M1 Pro Mac (Intel Mac a year ago), Windows 10 PC, iOS, and Chrome. The widgets started to break too. BitWarden was like a return to form. Did all the things 1Password used to be (other than personal cloud syncing). It's sad, but I think Agilibits is getting steered in the wrong direction. I'm seeing threads everywhere about people jumping ship. 1P 8 is what really drove the nail in.

Dave_1P

@fxscreamer

Thank you for your feedback. I've passed it along to the team. 🙂

The performance and extension issues definitely don't sound right, if you decide to try 1Password again in the future and run into the same issues then please let us know by sending an email to support@1Password.com so that we can investigate further.

Thank you so much for being with us for 10 years. Although we're sad to see you go it's good to hear that you'll continue to use a password manager to keep you and your data safe, even if that password manager ultimately isn't 1Password.

-Dave

ref: PB-31833561
ref: PB-31833625

Dave_1P

@harczuk

Thank you for the feedback! Can you tell me a little more about what specifically you don't like about using 1Password 8 on your Mac? I would be happy to pass along your feedback to our developers. 🙂

-Dave

millman

I have been and continue to be very disappointed with 1Password's decision to move to Electron for the Desktop application. At least as it applies to macOS. I'm not as concerned about Windows as I have a Windows 11 PC that I just just for gaming. Windows UI design approach is not dogmatic, where I'd say macOS is. Since Windows UI experience is not consistent across the OS I don't expect 3rd party apps to be consistent.

However, macOS is very consistent across the OS. Yes, we can see the shortcomings if SwiftUI on macOS (see: System Settings on Venture) and I hope Apple remedies this soon! However, I can say with complete confidence that I preferred the 1Password 7 experience over 1Password 8. I updated to 1Password 8 on macOS very recently. I have been holding out because I knew I wouldn't like the move to Electron. But I was a little concerned about data integrity if I continue to run 1Password 8 everywhere else but on my Macs.

Also, the argument that a consistent UI across Windows and Mac is a good thing is complete garbage. Every macOS user I know, including myself, prefers the "native" app experience on macOS versus Windows. A statement I've never heard is, "I wish my apps looked and felt the same on my Windows and macOS computers"...

On 1Password 7 I had two legacy Vaults in Dropbox. They were not being actively used and all the data had been migrated to the 1Password Family vaults a long time ago. So, when I upgraded I opted to delete those Vaults. I'd like to point out that the memory usage is not "just" tied to how many records you have as has been stated by the 1Password team above.

For comparison sake here is the amount of Memory allocated by the two to compare...

1Password 7:
❯ ps auxwww|grep -i '[1]password' | awk 'BEGIN{s=0}{print s+=$6}END{printf "total MB: %d\n", s/1000}' 17408 54512 135408 total MB: 135

1Password 8:
❯ ps auxwww|grep -i '[1]password' | awk 'BEGIN{s=0}{print s+=$6}END{printf "total MB: %d\n", s/1000}' 102432 149424 258352 464080 486768 521776 767072 total MB: 767

Because I have two fewer vaults loaded into memory and a reduction of 650 records, as they were purged with the legacy vaults, if the argument about memory being tied to number of records held any water wouldn't 1Password be using less Memory, not more? This just goes to show the glaring inefficiencies of Electron and also the persistent issue of requiring more processes to be spawned than a native app.

I'd have already made the move to Keychain if not for one thing, I story Software Keys, Identity Info, Membership Info, Credit Card Info, etc in 1Password. If Keychain supported these various data types I'd already be migrated over. If future versions of 1Password don't remedy the HUGE misstep that is Electron I will be earnestly seeking alternatives. Even if it means migrating my passwords to Keychain and seeking an alternative storage solution for the extraneous data. I've had enough of Electron and I am purging that garbage from my life everywhere I can.

FYI, JavaScript sucks and was never meant to be more than a simple scripting language for the browser to solve problems that we arguably don't even have anymore with the speed of modern ISPs. It has no business on the server or desktop. Typescript is lipstick on the pig that is JavaScript...