The 'problems' 1password faces... Apple has solved. I quit using 1password around 3 years ago, but at the time they were going all in on SaaS and quietly memory-holing the local-first vault approach that people were using them for. You know, letting people reference a sqlite db on icloud, google drive or whatever and that can be synced. 1Password cites credential leakage and security as a reason for not implementing MCP, but they're giving the impression that MCP is the issue. Mind you, 1password has a very similar model to lastpass, that had 16bln creds leaked.
But seriously, Apple is actually in a better position to let mcp into their services if they wanted. The user credentials are all bound to your physical devices, which in turn cooperate to give a measure of identity to you. You don't need to let MCP have full access to everything, the secure enclave can generate short-lived certs. I'd be surprised if passkeys weren't able to do that already.
Why does a password manager even need an MCP server?
so that claude can log in to my robinhood and buy some doge :)
1Password demonstrating definitively why they don't deserve your money and in fact deserve to die. They have one job, but still chase trends like "AI" that are not related to their reason for existence.
"But agents!" you may say. "Agentic AI is changing the shape of work" they say. Bullshit, I say.
I don't understand where you're coming from. From the article: "1Password draws a firm line: we will not use MCP to expose raw credentials or secrets."
That seems a pretty reasonable argument to me. MCP is a complete hack, and the risk of agents going rogue (or getting hacked, or finding some vulnerability, 0-day, etc) and exposing your entire secrets database is just too high for 1P to accept. As a customer for 15+ years, that's exactly what I'd like to hear from my password manager.
Are users soon going to demand a way to give agents access to their passwords? Yes, absolutely.
With "AI browsers" and a whole industry of startups building agents, you can count the months until users start asking their password managers for ways to grant permission.
What 1Password is saying is "fine, but we need to do better", and MCP is an insecure clusterf*.
I think that's very reasonable, although I'll reserve judgement for when they release the so-called "secure agentic access".
Every single time in the past 10 years that I have seen some software tech hyped here it has been the same. Look under the hood, it's just some over-engineered stab at vendor lock-in.
The tech industry has become a pyramid scheme to sell more computers. Everything feeds into that. "Cybersecurity", "cyberwarfare" scares, which are enabled by the over-engineering, will be solved by? Yeah more over-engineering. A boom of GPU farms where the answer to all shortcomings is using more GPU farms? First "agent"/mcp codebases I looked at were some naive reinvention of expert systems to scaffold and parse prompts and responses from some LLM endpoint.
It's transparent at this point.