Leaving 1Password for iCloud Keychain
I have been using 1Password as my primary secrets manager since 2008. I used it store pretty much all information that should not be stored unencrypted, like passwords, credit card and banking information, and even software licenses. For a long time, it was the most important app on both my Macs as well as on my iOS devices. 1Password has been serving me exceptionally well, its features aligned perfectly with my needs and the UI was incredibly well done. The app was a model for how native apps should behave on a platform and I have recommended it on numerous occasions.
Until last year. Or rather until 2019, when the company announced it would accept $200 million in venture capital. But at that time the product remained unchanged, and the feared upcoming focus on business customers was just a threat looming in the distance. Unfortunately, in August of 2021, 1Password announced a new major version of its macOS client–version 8–and after a bit of digging it turned out that it was no longer a native app, but rather built using a cross-platform solution called Electron. Electron apps have a terrible reputation–they are slow, use ridiculous amounts of resources and do not adhere the platform’s user interface standards. In most respects, they are the very opposite of what 1Password used to be. The move caused widespread criticism among their long time users. For the first time in years, I wondered if I should switch to an alternative.
The problem was–and in a way, still is–that the alternatives are not that great, or terrible altogether. There are about as many password managers as there are Twitter clients, but in all respects, 1Password was the best one. Its most prolific competitors, Enpass, Bitwarden, Dashlane, Lastpass, among others, are not native clients either. I tried them all–in all cases the UI was terrible, both on macOS as well as iOS. And so I kept using 1Password.
Fast forward to February 23rd of this year. 1Password announced it would partner with Phantom, which is a cryptocurrency wallet (basically a data store). In their accompanying blog post, they write:
This is the first of many partnerships that we’ve been working on in the cryptocurrency space.
There is not much need to sugarcoat it: that is an outrageously stupid decision. cryptocurrency is a ponzi scheme. But even worse, it is a major ecological disaster, contributing to the destruction of the planet. Regardless if the crypto integration in 1Password is limited to saving passwords for crypto wallets or more sophisticated integrations–this partnership and their blog posts shows that the company is steering into a very worrying direction. I simply cannot support this.
Thankfully, there has been some movement in the area of password management. Apple has realized that passwords are a problem that requires solving, and has slowly but steadily improved their iCloud Keychain access and feature set. iOS 15 and macOS 12 have an improved interface for passwords management and even OTP support. In the current beta releases, they also added secure notes to passwords. Thanks to the tight integration across all Apple platforms, this is an ideal solution for anyone who is invested in their ecosystem–like I am. Security-wise, iCloud Keychain is end-to-end encrypted, and the passwords interface offers an export function that creates a CSV file.
Exporting my passwords from 1Password to iCloud Keychain was actually quite easy. Jonathan Wight created a Python script that helps with the process. It takes the CSV export of 1Password (8) and filters all values that do not have a username, password or url, because those are unsupported by iCloud Keychain. It then creates two files: a “clean” file that can be imported, and one that lists all the entries with missing values. After about two hours of cleaning up and consolidating data, I was able to import all passwords from 1Password to iCloud Keychain.
iCloud Keychain covers passwords, but what about all the other secrets that 1Password kept, like secure notes, credit cards and banking information, and software licenses? Safari already has a feature to safely store credit card information for auto completion, so this is covered. I had forty or so secure notes in 1Password, but after cleaning out over ten years worth of information, I was left with only six secure notes that I still need. The Apple Notes app has support for “locked” notes which are end-to-end encrypted notes with a user password. So I created a “secure notes” folder in the Notes app. I hope that Apple will further improve the password manager in iOS and macOS, making this only a temporary solution. As for software licenses–these are not an actual secret, and I only used 1Password to collect them in one place. But this is not really necessary, looking them up in my Email account works just fine for me.
Password management is a feature, not a product. I suppose 1Password knows this too. The password mangement feature of iOS and macOS is likely good enough for most people, thus requiring 1Password to concentrate on business and edge cases–like the cryptocurrency wallet cooperation. Thankfully, I do not need to be a part in this anymore.