by lkurtz on 2/16/22, 1:01 PM with 394 comments
by DonHopkins on 2/16/22, 4:12 PM
The items in its database let you define custom fields for them, but there is no literal multi line text field. There's a "File" type, but you can't simply define fields with multi-line text values. However, every item has exactly one built-in "notes" field, but that's actually styled markdown text. And you only get one. And its name is always "notes".
It would obviously be extremely useful to be able to define an arbitrary number of arbitrarily labeled multi line text fields that are not interpreted as markdown text.
It boggles my mind that 1Password doesn't support this. What were they thinking??? It makes it a real pain in the butt to store ssh keys and certificates and a lot of other types of information in 1Password.
A single markdown "notes" field just doesn't cut it. It's not as if it's technically challenging or a security risk. It already has a "notes" field, so just turn off the "rich text" feature and allow me to make my own! I would have thought it was a pretty obvious and often requested feature, but as far as I can tell, it's impossible!
by yabones on 2/16/22, 1:55 PM
export SSH_AUTH_SOCK=~/.1password/agent.sock
So you would essentially replace Keychain, Gnome-keyring, or the vanilla SSH-agent with 1password. Very nice solution.
by vngzs on 2/16/22, 5:29 PM
It's unfortunate, because there is some real innovation around the per-application usage permissions:
> 1Password will ask for your consent before an SSH client can use your SSH key. Because of this, there's no concept of adding or removing keys like with the OpenSSH agent.
If an organization wishes to solve the SSH pubkey distribution problem (the main reason one would copy a private key across machines), then they should use SSH certificate authorities like [1]. In fact, I think that would be a far more interesting 1Password product—HashiCorp Vault could use some competition for this kind of use-case.
[0]: https://security.stackexchange.com/a/40061
[1]: https://www.vaultproject.io/docs/secrets/ssh/signed-ssh-cert...
by up6w6 on 2/16/22, 6:58 PM
https://community.bitwarden.com/t/implement-ssh-agent-protoc...
by tonyedgecombe on 2/16/22, 1:39 PM
That will be the Electron version. No thanks.
by tempay on 2/16/22, 2:49 PM
I haven't been able to see anything about how this handles agent forwarding over SSH. Does anyone know?
by drcongo on 2/16/22, 2:08 PM
by kitsunesoba on 2/16/22, 2:47 PM
It’s very simple and works very well. Better than krypt.co did for me, actually — krypt.co would occasionally randomly break, but Secretive has been rock solid. Every time something tries to use your key you get a Touch ID prompt and a notification indicating what triggered it.
This 1Password feature looks nice, but I’m switching away when version 7 stops working. AgileBits just isn’t taking 1Password in a direction that’s appealing for me… they’re clearly more interested in corporate users than individuals, and in the pursuit of a one-size-fits-all-platforms UI they’re losing the attention to detail and polish that used to be a major selling point.
by nerdawson on 2/16/22, 1:49 PM
From doing some reading though it sounds like I might be wasting my time. Apparently it’s fine to have one key for an individual machine and to use that for everything.
What’s everyone else’s take on that? Are you reusing a single key or generating each time?
by fire on 2/17/22, 6:28 AM
For some context on my bitterness: v6 stopped working with Chrome-based browsers a few years ago due to an issue with browser signatures, and the official guidance was to (pay to) upgrade to v7 rather than fixing the app, and so the software I had paid for was no longer usable in the way that it was when I purchased a license for it, effectively being downgraded through no fault of the end user. Similarly, the Windows variant of 1pw has... kind of always just been a bad experience compared to the Mac version, and while the controversial Electron-based unification for v8 promised to bring the experience in line with the Mac app (not requiring purchase of another license type this time because I'd since bitten the bullet and paid for a subscription so I could actually use v7), it also required migration to the hosted vault system, as support for local vaults was completely dropped in the same version.
I would feel a lot more comfortable using this otherwise legitimately fantastic functionality if it didn't also require me to migrate from a local vault to the hosted version. I already didn't want my passwords hosted online; I definitely don't want my ssh agent and its private keys to be bound to said hosted service, and nothing has yet come out of 1Password's survey for self hosting the vault server in order to maintain a vault that works with 1PW 8 locally.
It's an unfortunate hill to die on, I realize; I just want to maintain control of my own stuff, using a tool that is actually nice to use (1Password is and has always been miles ahead of everything else in terms of the day to day user experience, otherwise I'd be able to justify looking at alternatives).
by vimota on 2/16/22, 5:47 PM
I've bought their license a couple times as the versions are updated, but they no longer support licenses and only monthly subscriptions. Fine... I'm happy to pay that to get a great product, but as I was installing it on my new laptop they prompted me to move from my self-managed cloud sync to their hosted password management saying the cloud-sync will no longer be supported. I simply don't want to use the hosted solution, I'm not comfortable with the trust implied.
I imagine they're trying to cut down on the features that allowed someone to use it without paying a membership, but then why not just include cloud-sync in your paid features? Why remove such a core feature that allows users to use your security product much more trustlessly?
by RubberShoes on 2/16/22, 5:20 PM
I would say in the past 2-3 years it has slowly become an absolute nightmare. I do not recommend it to anyone anymore. They have somehow screwed up the very basic functionality of filling in passwords on any browser I try. They continue to shift features around, break existing workflows, and even the basic tasks I rely on dozens of times a day seem to change with any significant release.
1Password got famous for building a great core product. It managed my logins I stored myself and autofilled them wherever I needed. It was clean and simple. Now they are so focused on growth and Product features like this that they have completely lost their way. As of this week I can no longer right click on a webpage and work with 1pass to find something. If the webpage attached to the original 'save login' prompt is not the one you are on - the auto popup underneath the login field has nothing to show and I cannot manually find and enter it. I have to go to the Desktop app, search, find, and copy. My team regularly wastes minutes on this each day.
Our company reevaluates platforms every couple years; in the next 12-24 months I will strongly advocate we find an alternative.
by ents on 2/16/22, 1:56 PM
by tiernano on 2/16/22, 1:37 PM
by irl_ on 2/16/22, 2:02 PM
This seems like an excellent way to ensure that you reduce the security of your SSH login to either having a single-factor (password) or at best single-factor + TOTP, where you previously had a phishing-resistant cryptographic protocol.
Is this really an improvement for security, or is it just a usability improvement (i.e. sync of keys) intended to work around policies trying to improve security (i.e. required use of keys)?
(The other option is I skimmed the docs badly and maybe I've misunderstood something, it's possible.)
Edit: I did skim the docs badly, it is possible to use a FIDO2/WebAuthn key for 2FA. https://support.1password.com/security-key/
by adventureadmin on 2/16/22, 2:38 PM
by minimaul on 2/16/22, 5:29 PM
The 1Password 7 app on macOS is a beautiful native app. It "fits" in macOS, it follows macOS design paradigms.
1Password 8 does not. It is a weird self-designed UI toolkit that is well inside the uncanny valley scenario - it is a UI design that feels like it is trying to approximate all of the major platform desktop UIs without committing to actually feeling like any given platform - so it feels wrong everywhere. Honestly it would be better if it was totally different to any of the main platforms instead of vaguely approximating them. I don't care what devtools or toolkits they use to achieve what they do, I care about the end UI feel, and it's just awkward on all platforms to me.
Additionally, 1Password 8 removes the single most used feature for me - 1Password Mini - and replaces it with Quick Access. Quick Access is much more awkward to use, especially with a mouse. Everything with Quick Access involves more UI interactions than it was before. The reasoning for this is that it "feels weird" to implement parts of the app twice - but for me 1Password Mini is essentially a browser extension equivalent for every other app on your system. Quick Access is an awful replacement for that.
I really prefer 1Password 7 on macOS to 1Password 8, and I honestly prefer it on Windows too. The replacement of native apps with something that really feels like a web page in a window - with issues like context menus being stuck inside the window, or web-page style modals - is just not what I expected, and it's not what I want. Yes, it lets AgileBits bring updates to platforms more quickly because it's essentially the same backend & UI on every platform. However, as an individual user I don't need more from my password manager than 1P7 already does.
Sadly, it seems the target for AgileBits (especially with the influx of VC cash) from the outside at least is just growth and the big payouts that come from enterprise deals - individual user use cases don't matter any more. Just look at how much of a production they made out of restoring categories as an option to the sidebar. And their core feature set - form filling - is less reliable than ever for me.
I feel that there's absolutely a hole in the market here for a password manager product aimed at individuals or small families that works on at least macOS, Windows, iOS and Android - and feels native on each platform.
edit: oh, and I utterly abhor the 1Password PR style - trying to make things seem weirdly casual on serious topics, but especially the misdirection/redirection approach they always take to critiques or support queries. Just look at their support forums for any thread on purchasing standalone licenses - they always drive the discussion into "isn't our online product amazing?". Critique of features in 1P8 always becomes "but for me it's amazing" in some way. It's frustrating as hell to engage with as they never seem to actually accept criticism in any way without trying to redirect it to something somehow positive.
by bvm on 2/16/22, 2:37 PM
Can we use it on WSL?
by pletnes on 2/16/22, 2:27 PM
by ReAzem on 2/16/22, 1:55 PM
by eik3_de on 2/16/22, 5:10 PM
Is there any advantage of using SSH keys to authenticate against GitHub?
by rage8885 on 2/17/22, 2:43 PM
by kodah on 2/16/22, 7:02 PM
by egberts1 on 2/16/22, 4:06 PM
No need for even more in-between software prompting for passwords.
I’m sticking with certificate+publickey SSH
by nilstycho on 2/16/22, 3:34 PM
by RegnisGnaw on 2/17/22, 4:26 AM
by rotten on 2/16/22, 1:41 PM
by ossusermivami on 2/16/22, 4:38 PM
by mike503 on 2/18/22, 3:19 AM
“Learn how to configure the 1Passwrd SSH agent”
by leathersoft on 2/16/22, 2:20 PM
by rcarmo on 2/16/22, 3:19 PM
I've stopped using 1Password everywhere I can due to their product "focus", and am working my way through a set of alternatives (currently using Secrets on the Mac and looking at the KeePass ecosystem, which keeps improving monthly):
https://taoofmac.com/space/apps/1password
Edit: It's been fun watching this get upvoted and downvoted in successive waves - for those who are curious, I suggest you check previous posts on 1Password and see if you can spot patterns in their advocates, since they were publicly called out on this a few times already (especially on Twitter).
by YATA0 on 2/16/22, 6:41 PM
Open up my corporate laptop and log in with my smart card and username/pass combo, then I can just log into any Linux machine I have authorization (group permissions) to. Been doing it this way for over a decade at this rate.
It's like all of these password manager tools were created by people who've never seen nor used these existing solutions.
by MrYellowP on 2/16/22, 2:38 PM
I have no idea how companies managed to sell this security nightmare as a feature to actually serious people.
A single point of failure. Yeah, great idea!
by trabant00 on 2/16/22, 2:00 PM
And why would I replace the openssh agent with 1password agent?
They don't even offer additional functionality over the open tools. "Autofill public keys in your browser for Git and other cloud platforms" - really? cat and copy - paste is now too hard?
(the above logic is why I don't make any serious money)