My employer has started blocking 1Password.com recently, breaking my ability to access my passwords and Two-Factor Authentication (2FA) details using the browser extension. I can still get these details on my phone, but typing a completely random 22-character password by hand is far from ideal, and a bit of a pain in the rump, to be honest. This isn’t their most egregious “security theatre” policy, but it is one of the most impactful (to me).

Cards on the table, I 💖 1Password, and have been a paying customer for several years. If my access and ability to securely login/sign-up to stuff wasn’t being impeded by another party, I’d happily keep chugging away without much further thought. Their software has been super useful, convenient, and improved how I approach my personal online security.

As it is though, I started thinking about migrating from 1Password to Bitwarden; the ability to easily self-host Bitwarden being the main attraction in this scenario. Between hosting costs and upgrading to a “Pro” tier account for in-app 2FA generation, it would work out about $15-20 a year more expensive than I pay for 1Password, but that’s not a huge amount in the grand scheme of things.

However.

The most immediate concern would be rebuilding my password vault accurately, complete with all the 2FA details I need – which is a lot. That’s going to take a lot of time and effort to move across, even with an export recreating everything – at the very least I’m going to have to check and verify everything imported correctly and that I’m not locked out of anything. And my digging into this hasn’t confirmed that all item types I use in 1Password can be exported across to Bitwarden.

However, part two.

Unless you happen to have an installation of the native applications for macOS or Windows (say, because corporate policy prohibits and prevents it, and you no longer run either of those OS’s at home…), there’s no way to export your data. At all. 1Password then becomes a silo you can’t easily get out of. The only way out is to manually recreate all of your data elsewhere. When your vault starts getting above more than a few dozen items, that’s a lot of work. Mine stretches into the hundreds.

It’s something I hadn’t really thought about before I started the thought exercise around potentially moving away. When we talk about silos, normally we’re talking about social media locking your posts and user data inside their networks. An everyday utility like a highly-convenient password manager rarely factors into it. And yet, here I am. I guess I forgot my initial misgivings about 1Password.com, and didn’t check ahead for an exit strategy.

I’m not certain how I’m going to proceed from here. 1Password themselves haven’t given me a reason to quit their service, but I’d be lying if I said this realisation of how “locked in” I am didn’t bug me and push me to migrating as an it’s-the-principle-of-the-thing “eff you” moment.

It’s something to revisit in the new year.

Dear IndieWeb, it may be time to start considering the user, not just the technical spec. by Eli MellenEli Mellen
I’ve been working on a series of walkthrough posts that outline how to IndieWebify a Wordpress site. I presumed the initial setup would be fairly straightforward because a) I have a vague idea of what I’m doing, and b) a suite of plugins already exists. Boy-howdy, was I wrong. (ಥ﹏ಥ) I’ve...

I definitely agree with you, Eli! I was wondering out loud with a half-baked thought just yesterday about how we could help ease newer “generations” into the IndieWeb. Where you are coming from the technical side of things, I was thinking more about the on-boarding process and not expecting people to read swathes of documentation to get started. Having read your post I realise both need to be worked on (in tandem?)

I couldn’t hand over even a working WordPress + IndieWeb installation to my partner and expect her to have a good time using it. I’m trying to bring her round to the idea of moving to her own site, because she’s so frustrated with the social media giants, but the tools just aren’t accessible to her level yet.

What has been built so far in the IndieWeb is amazing. I’ve not been this enthused about having my own website – or what it’s capable of – in years. But I’ve been building on the web for 20+ years; I’m impressed by the technology because of my understanding of it, and I’m the sort of user who can work past the rough edges when I need to — in fact, part of me enjoys the tinkering aspect. On reflection, I might be the worst person to be evaluating how this stuff can be made more usable and accessible for someone who wants it to “just work” as smoothly as the existing options 😅

So I guess the question then becomes – who is best placed to help with this, and how do we bring them on board (if they’re not already)?

Earlier on I was trying to find a way to “downgrade” a Google Apps account to a personal account. Well, I found a way. Kinda. Ok, not really – I slipped up and deleted my Google account.

I was a bit naive about what removing a Google Apps subscription entailed. In the absence of any clear documentation, I assumed hoped it would remove the baggage of Google Apps, leaving me with a normal Google personal account (especially as the account predated Apps). It didn’t actually remove Google Apps… but it did remove my access to pretty much every useful Google service. I was locked out of Drive/Docs, Browser Sync… everything I use on a regular basis.

It turns out, that if you want to delete Google Apps, cancelling your subscription is only a partial measure. Whereas in most services “cancel subscription” means “I’m done, so remove all my stuff and let me go” if you want to cancel Apps then you have to cancel, and then do the non-obvious step of explicitly deleting your domain from the service.

At this point, my choice was: buy a new subscription to Apps, putting me back to square one – only paying for it, or completely delete everything to do with the Apps account. So deletion it was.

Eventually I tracked down where in the mess that is the Apps admin area I could find the delete domain button, held my breath, and clicked.

Milliseconds later I was dumped out of Google Apps, and everything was gone. Everything.  Even the stuff you’d forgot about, like your Google+ profile, oAuth logins to other sites or logins on other devices, and accounts you forgot were merged, i.e. my YouTube account and subscriptions. My iPhone complained, WordPress complained, Feedly complained, Chrome complained, and so did many, many more! Years of settings, data, and integrations, gone in a button click.

Immediately I had a wave of regret, but also a slight sense of a weight being lifted. I no longer had to worry about the schizophrenic nature of my old account. If I wanted to try a new Google service, I didn’t have to wait for it to be Apps-enabled. Yes, a whole bunch of data was gone, but in a way, that was good. I would be starting over from scratch, without all the cruft that had accumulated over the many years.

So I guess it’s not that bad, really. Just a little inconvenient in the short-term. I’ve created a new account, relinked any complaining devices, and generally started rebuilding.

But please, Google, make the whole Apps/Account integration more user-friendly!

I like to think of myself as generally a smart person. I have my weaknesses, but I’m usually pretty good at figuring something out – particularly if it’s tech related. Problem solving is generally one of my strong points.

So why, oh why, can I not figure out how to “downgrade” or migrate a Google Apps account to a “normal” Google account?

For background, I have a legacy Google Apps account, from when I used to run my own-domain email account through the service. I switched to Fastmail a couple of years ago, but by this point the Apps account was my “main” Google account – the one I was logged into all the time and thus had my data attached to.

I wanted to get rid of the Apps part of the account, as it causes some weird issues now and again, doesn’t work with all Google services, and I don’t use it for the intended purpose any more.

But it’s increasingly looking like this might not be possible. I can think of a number of enterprise-y reasons why not, but I can also think of a few use cases where it should be possible to at least allow it. I’ll keep hunting for now.

Ads and websites which automatically redirect your iPhone to the App Store1 need to stop being a thing.

I’m seeing more and more instances of this user-hostile behaviour happening when I’m following a link on my phone. Usually it’s caused by an ad unit on the page, but now and again, it’s a site publisher who really, really, wants you to install their app.

Here’s the thing: if I wanted your app, I’d likely already have it installed. If I open a link to your website, I expect to (and am happy to) access your content there. Redirecting me to the App Store is a massive inconvenience and interruption; it takes me out of the app I was already using – often after I’ve already started reading your content – and puts me somewhere I wasn’t expecting to be. It breaks my concentration as my brain switches from reading your content to looking at the app download page. Assuming I still want to read your content after being treated like this, I now have to close the App Store, reopen the app I was just in, and hope I can pick up where I left off. The publishers who treat their users in this way seem to think I’ll:

  • Download the app, and wait for it to install
  • Create the usually mandatory account
  • Validate said account by switching to my email
  • Reopen the app, and try to find the content I’d clicked through to read in the first place
  • Read it (at last!)

Err, how about “no”? I was already reading your content. If you want to pimp your app to me, put a button or mention of it at the end of the article.

When this kidnapping of my attention is caused by an ad, I’ll sometimes go back to the site to finish reading, or I’ll go back to where I found the link, and send it to Pocket to read later instead (and without the ads to interrupt me). When it’s the publisher itself, chances are I’ll be annoyed enough I won’t return. You had your chance, and you chose to send me elsewhere instead. Either way, I sure as heck won’t install any app advertised using this method.

So can we please put a stop to this? It’s even worse than interrupting me to beg for an app review.


  1. This probably applies to Android and the Play Store as well, but I’m on an iPhone and so that’s where I have experience of this problem happening.