Password management software

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
SumnerH said:
 
By "not really an OS issue" you mean "absolutely an OS issue, and unrelated to the OS we've been discussing for the last 7 posts."
 
Obviously if you use the OS keyring, you wouldn't have encryption on Windows before Windows had an OS keyring.
 
The original point I was disputing was that it was safe to store passwords in Chrome.
 
For anyone using Windows or Mac, which represents about 99% of people out there, that statement was completely, 100% untrue until December 2013.
Admittedly, it has been semi-fixed for about 4-5 months now, depending on how you view the current state. Regardless, whether it's considered an OS issue or a browser issue is really not the point anyway.
 
The original issue was pointed out by a Mac user who found that you could go into the Chrome password settings and click "show passwords" to see all of them in plain text with no authentication required.
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,887
Alexandria, VA
Joe Sixpack said:
 
The original point I was disputing was that it was safe to store passwords in Chrome.
 
For anyone using Windows or Mac, which represents about 99% of people out there, that statement was completely, 100% untrue until December 2013.
 
 
In what Foxconn plant are you manufacturing those numbers?  The majority of Chrome browser installations are on Linux devices (primarily Android devices).
 

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
SumnerH said:
 
In what Foxconn plant are you manufacturing those numbers?  The majority of Chrome browser installations are on Linux devices (primarily Android devices).
Sorry, you're right, I should have said 99% of desktop users. 
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,887
Alexandria, VA
Joe Sixpack said:
Sorry, I should have said 99% of desktop users (and I'm sure you knew that this was what I meant).
 
Yes I knew what you meant, I was pointing out that it's wrong because it completely changes the scope of what you're talking about.  
 
Saying password storage is OS dependent isn't a footnote affecting 1% of users, as you stated: it's something that's important and means a majority of Chrome users shouldn't even have worried before those other OSes were fixed.
 

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
SumnerH said:
 
Yes I knew what you meant, I was pointing out that it's wrong because it completely changes the scope of what you're talking about.  
 
Saying password storage is OS dependent isn't a footnote affecting 1% of users, as you stated: it's something that's important and means a majority of Chrome users shouldn't even have worried before those other OSes were fixed.
 
I don't think it completely changes the scope at all. It's not like the combined Windows/Mac OS Chrome user base is some niche market. This product had a major security flaw on those two operating systems that has been only recently, and only partially fixed and that should not be discounted just because it's not an issue with Android or Linux. It's important for people to be aware of this.
 

Blacken

Robespierre in a Cape
SoSH Member
Jul 24, 2007
12,152
SumnerH said:
By "not really an OS issue" you mean "absolutely an OS issue, and unrelated to the OS we've been discussing for the last 7 posts."
 
Obviously if you use the OS keyring, you wouldn't have encryption on Windows before Windows had an OS keyring.
Windows has had CryptProtectData forever, which does roughly the same thing. I don't know if they were using it or not, because I can't be fucked to go bisect the tree right now, but it's been there. The problem that everyone was aflutter about and was fixed in Dec 2013--and it is a problem, but not really unless you're the sort to leave your machine unlocked--was that, on desktop browsers with keyring support, Chrome would cache credentials so you could, as he said, click "show password" to show any password within the chrome settings/passwords page.

Which is not the same as unprotected data, because an attacker still needs user-level access to go find those cached credentials. Which means you already have system access and can do way, way worse stuff than peep at passwords.

The janitorial staff lecturing me on security is funny, though.
 

geoduck no quahog

not particularly consistent
Lifetime Member
SoSH Member
Nov 8, 2002
13,024
Seattle, WA
So, these programs only store your passwords in a safer and more convenient manner than an encrypted excel sheet or a piece of paper, right?

Meaning, if a website gets hacked and they get your user info and password, a program like 1password hasn't really helped you. Is that correct?

If so, what's the point of changing your passwords or having the program generate a complex one for you?
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,887
Alexandria, VA
geoduck no quahog said:
So, these programs only store your passwords in a safer and more convenient manner than an encrypted excel sheet or a piece of paper, right?

Meaning, if a website gets hacked and they get your user info and password, a program like 1password hasn't really helped you. Is that correct?

If so, what's the point of changing your passwords or having the program generate a complex one for you?
If you generate complex passwords and use different ones for different sites, changing them often is highly overrated.
 
Complex passwords matter.  That website that gets hacked probably isn't storing your password at all; it's storing a hash* of your password. A hash is a one-way function; you can generate a hash from any word easily, but you can't get back from the hash to the original word.  The way attackers get your password is a dictionary attack; they run through the whole dictionary* and hash every word, comparing it to the stored hash, then do the same with common replacements (i->1, a->@, etc), common transpositions, etc.  If you have a complex password then they're not going to be able to recover it.
 
Some websites are idiotic and store your actual password.  This is why it's important to use different passwords at different sites: suppose Amazon has good security and stores your password well, but SomeDumbSite.com stores your password in plain text.  If you use the same password on both, then someone could hack SomeDumbSite, learn your password, and use it on your Amazon account.
 
*http://en.wikipedia.org/wiki/Cryptographic_hash_function
**Or rather, a dictionary of "words" commonly used in passwords; it's not limited to the English language dictionary
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,887
Alexandria, VA
Also, when it comes to "complex passwords" remember that it's all about making it tough for a computer to guess; using funny characters and misspellings isn't a great way to do that.
 
 

geoduck no quahog

not particularly consistent
Lifetime Member
SoSH Member
Nov 8, 2002
13,024
Seattle, WA
Thanks for the info, Sumner. Sealed the deal for me.
 
I just tried to download Dashlane (was willing to pay), but it won't execute on my Windows 7 machine.
 
Guess I'll try 1Password.
 

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
Just to add on to Sumner's point above, "SomeDumbSite.com" is actually eBay, which recently was hacked and was found to store all their passwords encrypted, but not hashed.

So regardless of your password's complexity on eBay, it's likely that it has been compromised.
 

ScubaSteveAvery

Master of the Senate
SoSH Member
Jul 29, 2007
8,329
Everywhere
I've been using 1Password and have found it to be really useful, especially with my Apple devices.  Its syncs seamlessly between my laptop, iPhone, and iPad.  At work I find it a little cumbersome since some sites aren't really utilized for 1Password's internal browser, so manually typing in passwords can be tedious.  Overall though, I'm really impressed and actually get annoyed when websites limit me to 9 characters and no special characters since the password is only medium strength. 
 

HriniakPosterChild

Member
SoSH Member
Jul 6, 2006
14,841
500 feet above Lake Sammammish
Joe Sixpack said:
Just to add on to Sumner's point above, "SomeDumbSite.com" is actually eBay, which recently was hacked and was found to store all their passwords encrypted, but not hashed.

So regardless of your password's complexity on eBay, it's likely that it has been compromised.
 
That was actually SomeDumbSite2.com.
 
SomeDumbSite.com was adobe.com, but ebay must not read the papers.
 

Yaz4Ever

MemBer
Lifetime Member
SoSH Member
Jul 10, 2004
11,256
MA-CA-RI-AZ-NC
Not to bump the infighting that previously took over this thread, but I'm ready to purchase a password manager and I was hoping for some hands on experience from the more tech savvy people on this board.
 
From what I can tell, Dashlane is the easiest and most pleasing looking of the bunch.  Dashlane, LastPass, and KeePass seem to be the big three and they all seem to offer fairly similar experiences.  Free is obviously better if all else is equal, but I'm willing to pay for something secure, easy to use, and that will work for our purposes.
 
I'd be using this password manager on four devices (maybe five) - all Apple products (iPhones, Macbooks, and possibly an iPad) that my wife and I use.
 
I've also read that some are better served if you provide your own cloud storage - I've got Dropbox and I'll sign my wife up as well, if necessary.
 
All of the important accounts - banks, credit cards, car loans, etc - will be shared completely.  Personal accounts - SoSH, Facebook, Instagram, etc - are user dependent, obviously.
 
I think that's about all anyone who understands this stuff better than me will need to make an informed response.  If you need my SSN, mother's maiden name, first elementary school attended, etc, just let me know and I'll PM it to you (figured I'd get that out of the way before ghoff showed up).
 

ScubaSteveAvery

Master of the Senate
SoSH Member
Jul 29, 2007
8,329
Everywhere
I've used 1Password on my Mac, iPhone, and iPad and have loved it on all devices.  It integrates well with Safari through a widget.  The browser within the apps is decent and I use it quite a bit since it auto-loads user names and passwords. The only annoying thing is typing the "master password" every time I close the app.  However, they released a preview of allowing people to log in using the fingerprint reader on the iPhone, which would be awesome and negate that process. 
 
You didn't mention it as an option, but I figured I would put my two cents in for it. 
 

derekson

Member
SoSH Member
Jun 26, 2010
6,224
If you're using all Apple products already, I don't really see a reason to purchase a password management solution like 1password when you can just use iCloud Keychain.
 
The only thing that iCloud keychain doesn't do that has been annoying to me is let apps store passwords, and I believe they are adding support for that in iOS 8.
 

Yaz4Ever

MemBer
Lifetime Member
SoSH Member
Jul 10, 2004
11,256
MA-CA-RI-AZ-NC
derekson said:
If you're using all Apple products already, I don't really see a reason to purchase a password management solution like 1password when you can just use iCloud Keychain.
 
The only thing that iCloud keychain doesn't do that has been annoying to me is let apps store passwords, and I believe they are adding support for that in iOS 8.
I thought these other options were supposed to be more secure and user friendly.  I've honestly never considered using iCloud keychain, even though I've heard of it.
 

Yaz4Ever

MemBer
Lifetime Member
SoSH Member
Jul 10, 2004
11,256
MA-CA-RI-AZ-NC
ScubaSteveAvery said:
I've used 1Password on my Mac, iPhone, and iPad and have loved it on all devices.  It integrates well with Safari through a widget.  The browser within the apps is decent and I use it quite a bit since it auto-loads user names and passwords. The only annoying thing is typing the "master password" every time I close the app.  However, they released a preview of allowing people to log in using the fingerprint reader on the iPhone, which would be awesome and negate that process. 
 
You didn't mention it as an option, but I figured I would put my two cents in for it. 
SSA, thank you for the insight.  I should've included 1Password as well as most of us considering these services have likely heard of it as well.
 

smastroyin

simpering whimperer
Lifetime Member
SoSH Member
Jul 31, 2002
20,684
dumb question.  
 
Does anyone know one of these that will also work to keep a Kindle logged in for purchases on Amazon?  I'm surprised Amazon hasn't bought one of these just for this purpose.  I am trying to set something up for my mother (see pet peeves) but at least with lastpass you need to navigate to the amazon site within its browser to even do things like in-app purchasing, which is pretty bulky.
 
Similarly, anyone know of one that will do the same for google play store?
 

Boston Brawler

Member
SoSH Member
Jan 17, 2011
9,757
Reviving this thread because I've never used a password manager, and I realized today my wife's passwords are all garbage and the same garbage repeated on basically every important site. Mine are slightly less garbage, less repeated, but I was most certainly hit in the Yahoo attack (damn Fantasy sports account!)

I'm looking into LastPass. Anyone here use it? Feedback seems very positive in the reviews I've read and it looks like it works with Apple devices too (which we both have). I'm assuming we would each have to buy/setup an account, or is there some kind of family account?
 

HriniakPosterChild

Member
SoSH Member
Jul 6, 2006
14,841
500 feet above Lake Sammammish
My wife uses lastPass. She started getting serious about password security when I was still conjuring up schemes to avoid duplicating passwords on important sites. The downside of LastPass is that she has to launch a special LastPass browser app on iOS in order to get automatic password filling. The Safari extension that does the job on macOS doesn't exist on iOS. The LastPass app isn't fast on JavaScript-heavy websites. (These days, that's all of them.)

I use iCloud Keychain because it is tightly integrated with Safari on all Apple devices. I almost never use Windows.

I am not aware of any solution that works seamlessly with iOS apps. When I want to deposit a check to BofA, I open the BofA app, copy the Safari password from the Settings app, and pasted the password into the BofA app.
 

Boston Brawler

Member
SoSH Member
Jan 17, 2011
9,757
That's great feedback, thanks much. We are iPhone users for mobile and Windows users for at home laptops, so I'm not sure anything will ever seamlessly work for us...
 

bohous

Member
SoSH Member
Jul 21, 2005
4,418
Framingham
I use Keeper and can confirm it works across all platforms (iOS, OSX and Windows). I rarely use mobile browsers for anything that needs a password but with Safari and Chrome on iPhone you can autofill using Send To and choosing the Keeper extension.
 

TFP

Moderator
Moderator
SoSH Member
Dec 10, 2007
20,380
My wife uses lastPass. She started getting serious about password security when I was still conjuring up schemes to avoid duplicating passwords on important sites. The downside of LastPass is that she has to launch a special LastPass browser app on iOS in order to get automatic password filling. The Safari extension that does the job on macOS doesn't exist on iOS. The LastPass app isn't fast on JavaScript-heavy websites. (These days, that's all of them.)

I use iCloud Keychain because it is tightly integrated with Safari on all Apple devices. I almost never use Windows.

I am not aware of any solution that works seamlessly with iOS apps. When I want to deposit a check to BofA, I open the BofA app, copy the Safari password from the Settings app, and pasted the password into the BofA app.
1Password works phenomenally across iOS apps. A lot of them are updated so you can fill your passwords right from the app. Also, Safari has it incorporated so you can very easily pre-fill while in the browser (vs having to go outside and copy/paste).

You have to pay for a lot of this, but I've had an excellent experience with 1Password across all platforms.
 

BroodsSexton

Member
SoSH Member
Feb 4, 2006
12,630
guam
1Password works phenomenally across iOS apps. A lot of them are updated so you can fill your passwords right from the app. Also, Safari has it incorporated so you can very easily pre-fill while in the browser (vs having to go outside and copy/paste).

You have to pay for a lot of this, but I've had an excellent experience with 1Password across all platforms.
+1 (though I don't recall it being very expensive).
 

Van Everyman

Member
SoSH Member
Apr 30, 2009
26,993
Newton
I'm pretty sure I paid $15 or $20 for 1Password a single time. My wife and I use the same account with the vault shared between our Dropboxes. That's a fucking bargain given the security level and convenience.
 

dirtynine

Member
SoSH Member
Dec 17, 2002
8,394
Philly
1Password user here. It's great, and fingerprint recognition has made it virtually perfect. Definitely worth the $30 or so you might spend setting it up across your ecosystem.
 

HriniakPosterChild

Member
SoSH Member
Jul 6, 2006
14,841
500 feet above Lake Sammammish
1Password works phenomenally across iOS apps. A lot of them are updated so you can fill your passwords right from the app
From what I see here, the list is not all that long and does not include any of the apps I'd care about like BofA, Vanguard, Chase Bank or Uber.

(I was hoping I'd missed something and that I'd have access to my iCloud keychain Safari passwords in those apps, so I started hunting.)
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,887
Alexandria, VA
1password is closed source. There's no way to evaluate its security.

I'd strongly recommend KeePassx or another open source option; if the source to your security oriented software isn't available, you're making 2 terrible assumptions (that the small set of programmers who made it didn't make a stupid mistake, and that they didn't intentionally put in a back door be it for customer support, government pressure, or other reasons).

With open source stuff, even when you never use the source yourself there's been a chance for public security experts to pick through it and evaluate the code.
 

Nick Kaufman

protector of human kind from spoilers
Lifetime Member
SoSH Member
Aug 2, 2003
13,410
A Lost Time
Formulating a password strategy is on my to do list for this year, so thanks for all the posts here. Very informative.
 

Boston Brawler

Member
SoSH Member
Jan 17, 2011
9,757
1password is closed source. There's no way to evaluate its security.

I'd strongly recommend KeePassx or another open source option; if the source to your security oriented software isn't available, you're making 2 terrible assumptions (that the small set of programmers who made it didn't make a stupid mistake, and that they didn't intentionally put in a back door be it for customer support, government pressure, or other reasons).

With open source stuff, even when you never use the source yourself there's been a chance for public security experts to pick through it and evaluate the code.
Do the password managers advertise which they are (open or closed)? And what is the difference for those of us that don't understand what the difference is?
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,887
Alexandria, VA
Do the password managers advertise which they are (open or closed)? And what is the difference for those of us that don't understand what the difference is?
Open-source means that the source code is publicly available and modifiable; closed-source means the source is kept secret by the company that makes it.

Even if you're never going to look at it yourself, this means that other people can audit it for security, to look for any back doors, etc; most popular open-source projects (especially something like KeePass in the security realm) have been looked at by dozens of independent outsiders. A closed-source product has usually only been self-audited by the company that makes it, or if you're lucky maybe a bored consultant was paid to rubber-stamp it.

Typically open-source projects will advertise that fact, closed-source won't mention it one way or another.

For something as security-important as a password manager there's no way I'd trust a closed-source option.


Copying a list from Wiki:
Proprietary/Closed Source
Open Source
 

Bunt4aTriple

Member (member)
Silver Supporter
SoSH Member
Jul 15, 2005
4,347
North Yarmouth, ME
I hate to revisit this, but maybe someone has some insight.

2 years ago, I opted for LastPass. I love it, but my wife does not. I handle the finances, so she only occasionally needs to get in, which is the real issue. She’ll try to log in once every couple of months, can’t remember what to do, get frustrated and quit. There are a few quirky things here and there, but it’s not as easy for her to problem solve.

Are any of the other password managers considered more user friendly? If it matters, we both have PC laptops, but I’m android and she’s iOS. The app hasn’t been the problem. It’s when she wants to print expense receipts, or log into a frequent flyer account to book a flight.

I could take the opportunity to switch to an open source application, but ease of use has to be a consideration.
 

redsoxdan

Active Member
Gold Supporter
Nov 25, 2005
25
It's been four years since this thread has seen a post but a search of this forum does not reveal anything more recent. I am finally getting around to implementing a password manager (I know, I'm an idiot) and wanted to see if anyone around here has any new or revised opinions/insights since this was last active? I have a healthy distrust of recommendations and ranking I find on the internet as I assume most of the reviewers are getting paid for their high rankings one way or another. I'm not much of a contributor around here (in any forum) but like many I read way too much and have come to trust a lot of the recommendations from you all.

Despite my skepticism, my basic research across several sites points to 1Password, LastPass, and Bitwarden as being the three best options. Of these, only Bitwarden is open-source. 1Password proudly touts the third party security audits that it has had performed (https://support.1password.com/security-assessments/). @SumnerH does this do anything to make you more comfortable with them or if you were choosing among these three would BitWarden be the only one you'd consider since it's the only one that's open-source?

Are there any others I should consider?

Thanks in advance to anyone who takes the time to reply.
 

FanRoy

New Member
Aug 14, 2008
48
Orlando, FL
It's been four years since this thread has seen a post but a search of this forum does not reveal anything more recent. I am finally getting around to implementing a password manager (I know, I'm an idiot) and wanted to see if anyone around here has any new or revised opinions/insights since this was last active? I have a healthy distrust of recommendations and ranking I find on the internet as I assume most of the reviewers are getting paid for their high rankings one way or another. I'm not much of a contributor around here (in any forum) but like many I read way too much and have come to trust a lot of the recommendations from you all.

Despite my skepticism, my basic research across several sites points to 1Password, LastPass, and Bitwarden as being the three best options. Of these, only Bitwarden is open-source. 1Password proudly touts the third party security audits that it has had performed (https://support.1password.com/security-assessments/). @SumnerH does this do anything to make you more comfortable with them or if you were choosing among these three would BitWarden be the only one you'd consider since it's the only one that's open-source?

Are there any others I should consider?

Thanks in advance to anyone who takes the time to reply.
I don't have much in the way of a suggestion, but more of a question piggybacking off yours.

Does anyone use Google Password Manager and might be able to explain its use? I have everything Google ecosystem - Android, email, business email, etc - so it makes sense for me, and it is pretty easy/comprehensive to use (despite not having a native app). How is it different/worse/less secure from what he's describing above?
 

johnmd20

mad dog
Lifetime Member
SoSH Member
Dec 30, 2003
61,996
New York City
I don't have much in the way of a suggestion, but more of a question piggybacking off yours.

Does anyone use Google Password Manager and might be able to explain its use? I have everything Google ecosystem - Android, email, business email, etc - so it makes sense for me, and it is pretty easy/comprehensive to use (despite not having a native app). How is it different/worse/less secure from what he's describing above?
I use Google Password manager, basically by default because of my use of Chrome. But all my passwords are my passwords. I still have a bunch of PWs that Google says were in a data breach, but all of them are for innocuous websites that you can't do anything with, so I haven't bothered changing them.(all my important sites have weird passwords that would be difficult to guess due to them being random)

But unless you let Google pick all your passwords(which are all a jumble of letters and numbers), I would not classify it as that secure because your passwords are your passwords. It is, however, extremely convenient.

My favorite part of the Google PW manager is that I can go into it and look up passwords I might have forgotten in case I'm logging in while not in Chrome.(which does require a device log in to see, on top of the Google login)
 

canderson

Mr. Brightside
SoSH Member
Jul 16, 2005
39,429
Harrisburg, Pa.
It's been four years since this thread has seen a post but a search of this forum does not reveal anything more recent. I am finally getting around to implementing a password manager (I know, I'm an idiot) and wanted to see if anyone around here has any new or revised opinions/insights since this was last active? I have a healthy distrust of recommendations and ranking I find on the internet as I assume most of the reviewers are getting paid for their high rankings one way or another. I'm not much of a contributor around here (in any forum) but like many I read way too much and have come to trust a lot of the recommendations from you all.

Despite my skepticism, my basic research across several sites points to 1Password, LastPass, and Bitwarden as being the three best options. Of these, only Bitwarden is open-source. 1Password proudly touts the third party security audits that it has had performed (https://support.1password.com/security-assessments/). @SumnerH does this do anything to make you more comfortable with them or if you were choosing among these three would BitWarden be the only one you'd consider since it's the only one that's open-source?

Are there any others I should consider?

Thanks in advance to anyone who takes the time to reply.
I've used 1P for years and been happy - but they've made a significant change and now you can't put your vault on another server PLUS they're dropping the native Mac app.

Even with those red flags, I still think I'll subscribe because nothing seems to be any better and all have drawbacks.
 

IpswichSox

Member
SoSH Member
Jul 14, 2005
2,792
Suburbs of Washington, DC
I was a late convert to a password manager, finally converting to 1Password a couple of years ago. I wish I had done it years earlier. 1Password has been totally bulletproof for me, both on Chrome and using my iPhone and iPad. I haven't investigated other platforms since and what I might be missing, but I've also had zero reason to consider moving. YMMV, but I'm a happy customer of 1Password.
 

Dollar

Member
SoSH Member
May 5, 2006
11,086
Everything in the above post mirrors my experience with Dashlane since I first started using it 3 or 4 years ago. Considering how much time it has saved me over the years, it's one of the best purchases I've ever made.
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,887
Alexandria, VA
Despite my skepticism, my basic research across several sites points to 1Password, LastPass, and Bitwarden as being the three best options. Of these, only Bitwarden is open-source. 1Password proudly touts the third party security audits that it has had performed (https://support.1password.com/security-assessments/). @SumnerH does this do anything to make you more comfortable with them or if you were choosing among these three would BitWarden be the only one you'd consider since it's the only one that's open-source?
I only run open-source software in general, so I'm kind of an outlier here. Certainly having outside audits is better than not having them. The ISE and AppSec reviews would be the ones I'd look at if I were considering them, since they actually look to have done code reviews and not 1000' overview reviews.

My experiences with Onica have been...not great, but in line with what you'd expect from someone touting SOC2 compliance as particularly meaningful.
 

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
I've used 1P for years and been happy - but they've made a significant change and now you can't put your vault on another server PLUS they're dropping the native Mac app.

Even with those red flags, I still think I'll subscribe because nothing seems to be any better and all have drawbacks.
I thought they were releasing a new/redesigned Mac app.

And the change they've made is no local (i.e. non-synced) vaults.

If I wanted something that was exclusively stored locally I'd just use KeePass. I'm having trouble seeing what the drawbacks are with this change here at 1Password, unless I've misunderstood something.
 

canderson

Mr. Brightside
SoSH Member
Jul 16, 2005
39,429
Harrisburg, Pa.
I thought they were releasing a new/redesigned Mac app.

And the change they've made is no local (i.e. non-synced) vaults.

If I wanted something that was exclusively stored locally I'd just use KeePass. I'm having trouble seeing what the drawbacks are with this change here at 1Password, unless I've misunderstood something.
They’re ditching the native app and using Electron.

And you can no longer use Dropbox or iCloud to host your DB - you must use their servers.
 

Marceline

Well-Known Member
Lifetime Member
SoSH Member
Sep 9, 2002
6,441
Canton, MA
They’re ditching the native app and using Electron.

And you can no longer use Dropbox or iCloud to host your DB - you must use their servers.
Thanks, I hadn't heard about the Electron bit.

If you're running your own cloud sync, KeePass may be a better option.

You're right that all have drawbacks.

I am sticking with 1Password, my wife also uses and we're on the family plan so I don't really see switching as viable for now.
 

jayhoz

Ronald Bartel
SoSH Member
Jul 19, 2005
17,363
I'm way late on this, but I need to move on from Lastpass given the breaches. I have hundreds of passwords so I need a service that allows imports. Are people still happy with 1Passsword? Any other services worth looking at?