Why 1Password 8 is going to make me change products
I usually despise ranters. Yet, I am hear to rant. I feel I have no choice.
After upgrading to 1Password 8, I quickly became horrified at its insistence that I put in my full password on EVERY SINGLE ENTRY. Apparently you have removed the ability to simply put in a pin number in the iPad/iPhone versions. And no, I do not want to use the facial recognition or voice recognition as they work poorly for me. So the inconvenience of version 8 is so massive that if I am ever forced to accept that upgrade, I will have to switch to one of the competing products. At present, I am content with having dialed back to version 7. But I know that option does not have a long-term future. I really do not want to switch products if I can help it. But I can't live with nightmare version 8. It's just too horrible.
Perhaps there is something I am missing that will fix these issues, but so far I haven't found any remedy. Any suggestions would be appreciated.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Comments
-
I just posted on a fairly similar issue if I were to swithc from LastPass to 1Password (pasting the master password from a VeraCrypt encrypted vault as I want to use the longest password permitted and am not an accurate, nor speedy typist, particularly on a smartphone). I am not a fan of face or voice recognition either
Does it permit fingerprint biometrics?
Does 1Passowrd permit Yubikey NFC sign in?
0 -
There is a feature request to bring back the PIN unlock for 1PW 8. Right now, I believe it's setup this way so you are typing in your password multiple times, means you're way less likely to ever forget it. I do agree though the PIN mode would be great to have back on mobile again.
@TambourineMan I would suggest you use a random diceware password of 5 to six words, a lot easier to memorize to type in 1PW, you don't want your account password to be a chore to remember. Here's a good article from the team how how https://support.1password.com/strong-account-password/
0 -
@tomatoshadow2 Thanks for the reply.
Bruce Schreiner ( https://www.schneier.com/blog/about/ ) says this "the oft-cited XKCD scheme for generating passwords—string together individual words like “correcthorsebatterystaple”—is no longer good advice. The password crackers are on to this trick."
Anyway someone told me I can paste a master password from my Windows clipboard from a file which I store in a local only VeraCrypt vault. And for my phone I guess it will accept fingerprints. So it won't be a chore
0 -
is no longer good advice
There is plenty of discussion to be had on that point. I'd recommend reading through this thread on StackExchange, including the reply from our own Chief Defender Against the Dark Arts, Jeff Goldberg:
The tl;dr seems to be: there is a right way to do it, and a wrong way (or at least: less right way) to do it.
Ben
0 -
Hello @TambourineMan,
There is an unstated assumption in the oft-cited XKCD comic. That assumption is that the words are chosen truly at random. Without that assumption, Schneier's criticism is right. But if you use something like 1Password's password generator then the assumption holds and the system is secure. Indeed, the whole point of using a secure password generator is so that the system remains secure even if "crackers are on to the trick." A good password creation scheme should remain secure even if the attacker knows the scheme. Rolling dice or using a good. password generator satisfy that requirement.
If you want to see more, a few years back we generated some three word passwords and paid people to crack them. (We wouldn't have been able to pay people enough to crack 4 word passwords, but we can extrapolate from the three word cracking exercise.)
https://blog.1password.com/cracking-challenge-update/
What is worth noting is that we provided the crackers with the exact software and wordlist we used to generate the passwords. There were no hidden "tricks".
0 -
Wow! Jeff: I loved your 1PW blog post. Just confirm what you already know, I am just a computer user with no experience, background in security, crypto, software, etc.
I re-read your cracking challenge. It was and is informative.
I may change my creation scheme. I thought my 25 character random password of upper and lower, numbers and symbols should be less crackable than just 4 dictionary words (presumably in all lower). I am glad I took a HS typing course in 1963 as it helped me be able to type my own college term papers and could help me manage to type four words rather than pasting a password from my locally stored VeraCrypt vault.
(I can't finish the post as something came up - GTG - But thanks for the reply and insights)
0 -
I recently upgraded to 8 and it's a nightmare on my Mac mini. It makes me log in to 1Password every time I need a password, even though I've unchecked the auto-lock option. I don't need or want that level of "security" on my home computer, where no one else has access. And the option to unlock with my Apple watch just doesn't work at all (though I don't know whether that is an Apple or 1Password bug). How much additional work is entailed if I downgrade to 7 (if it's more than an install I will likely find another password manager).
0 -
Apparently you have removed the ability to simply put in a pin number in the iPad/iPhone versions. And no, I do not want to use the facial recognition or voice recognition as they work poorly for me.
We hear you on this one: PIN Lock Option Removed in V8
0