And yes, they are definitely a target but the cloud is fairly secure, especially if they're using AWS or another mainstream cloud service. That's the advantage of a cloud service - cloud companies do most of the security, patches, latest whatever.... vs having an underpaid/nonexistent IT department try to keep a Windows Server 2012 R2 updated, or whatever.

That said, that still makes their weakest link a big risk.
I wonder what Microsoft was saying on this subject.

 
Here once again without links:
KeePassXC
KeeWeb
Strongbox respectively strongboxsafe
Keepassium

All apps can be used for free and some additionally by subscription or one-time payment for more convenience.

The database is always KeePass2. The different apps use custom fields that are KeePass standard. These are quite simply a field name and field content. They can be read and written by the other apps.

You can save the database anywhere. Online or offline. Synchronize manually or via cloud. I store it on Mac in iCloud Drive. Then it is automatically synchronized with the iOS devices and always backed up by Time Machine.

Try it out!

Thanks, I think a lot of us didn't know about this option.

The videos I've seen where they interviewed the 1P devs/leads - they're pretty resolute on this and I bet it's coming from upstairs (higher up). And yes, they are definitely a target but the cloud is fairly secure, especially if they're using AWS or another mainstream cloud service. That's the advantage of a cloud service - cloud companies do most of the security, patches, latest whatever.... vs having an underpaid/nonexistent IT department try to keep a Windows Server 2012 R2 updated, or whatever.

That said, that still makes their weakest link a big risk. We all know how companies underfund or flat out ignore IT/security. Hire a new cheap employee, give that new cheap employee access they shouldn't have cuz ... it's easier to do that than pay a competent person a realistic salary .... bam. Issues - despite being on a modern cloud service (Azure, Google, AWS, etc).

Everything in the name of profit. Who cares if you have a breach? Apologize, move on, continue what you're doing - rake in the $.

I am probably becoming an old fart but I've seen it too many times in my life - get rid of the highly skilled expensive people in the name of profit and then wonder why product/service suffers. Happens way too often. Lowest bidder ftw.

And hence I would not trust a cloud service as much as I do local storage. I think LastPass got breached.
 
Here once again without links:
KeePassXC
KeeWeb
Strongbox respectively strongboxsafe
Keepassium

All apps can be used for free and some additionally by subscription or one-time payment for more convenience.

The database is always KeePass2. The different apps use custom fields that are KeePass standard. These are quite simply a field name and field content. They can be read and written by the other apps.

You can save the database anywhere. Online or offline. Synchronize manually or via cloud. I store it on Mac in iCloud Drive. Then it is automatically synchronized with the iOS devices and always backed up by Time Machine.

Try it out!

This is exactly what I wanted to hear. This gives us plenty of options going forward, especially if the vault can be stored locally, plus conforms to a standard that different applications can use. The Pros:

  • Portability. Different applications can use the vault, from iOS to Windows to macOS to Android, to Linux.
  • FOSS (for some apps). If the source is available, it can even be compiled for other architectures, bringing in something like Solaris, HPUX, AIX, etc. Even rPi could use it.
  • Standardized vault. Already mentioned on that.
However, some of the pros are also the cons:
  • Standardized vault. Because it conforms to a standard format, if someone gets their hands physically on your vault, they can use any application that can read the vault's format to try to get into it. Obviously, password protection on the vault can stop that, but you see already where the problem is. The question is if that is an acceptable risk, which I would say it is, because any malicious user would have to get their hands on your vault first, to be able to get into it.
  • Portability. With the above, if they had your vault and you use Strongbox, that user could use KeePass to attempt to open it. But again, they'd have to get physical hands on your vault for that, in which you can easily add multiple layers of security onto that attack vector.
Unless AgileBits gets everything in order and sees what they are getting themselves into, this may be the way to go.

Customers advised to reset all stored passwords.... See this from Bleeping Computer: Password manager hacked .... late April 2021.
"attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks" ...
....an example of why centralising your passwords on a developer's server, with many thousands of others, is sub-optimal.

This is exactly what everyone is warning AB about, especially when having no choice to put those passwords in a location outside that user's control. We've seen what happens when one says "just trust us". Hell, Apple is going through the wars with that, in relation to CSAM.

I really hope 1Password reads this and reconsiders local network. Has everyone here reached out to them? I've contacted them via email, their focus, and Twitter on this subject.

IIRC, there is a rep from AgileBits that frequents this forum. I'm not sure if they've been in this thread, but I know that they definitely are on this forum and are active.

I mean, why not? Aren't these companies perfect for ransomware attacks?

Of course they are. I mean, if a ransomware attack could take out an entire oil pipeline from Louisiana up to New York, a few Universities, a hospital, and a mobile phone provider, why not a place that stores passwords?

BL.
 
I've tried several of the recommended alternatives from this thread in the last few weeks. I eventually ended up with BitWarden—which I don't like at all, but I find it to be the best alternative. That being said:
  • If I'm going to pay a subscription, I might as well stay with 1Password.
  • If I have to give up a bunch of features, I might as well stay with 1Password.
  • If the app is so cumbersome to use, and the Safari plugin crashes constantly, I might as well stay with 1Password.
  • If there is a complete lack of background info and history on the product, the company/developer behind it, I might as well stay with 1Password.
In short, the more alternatives I look at and use, the more I'm likely to stay with 1Password.
 
What features did you lose with Bitwarden?
 
Ease of use, high-quality user interface, seamless integration with Safari, all my license files and PDF receipts I had stored in 1P, and more. But my list wasn't actually meant to refer to Bitwarden alone. I meant that all of the 1Password alternates suffer from one shortcoming or another compared to 1P. Bitwarden was OK, I settled on trying it because it is free, but certainly not because it's the best.

Apple is not suffering, you are correct. It is the poor customers who are in many cases. Open your eyes.
My eyes are wide open. I don't see customers suffering. I see the vast majority of customers being quite happy with Apple products, and a very, very, very small but vocal minority complaining and/or having problems. I don't by any means think Apple is perfect, but the drama some people invoke is generally centered around money - which isn't a valid discussion point for me. Great things cost money and nobody likes to spend money, and absolutely no product is going to make anywhere near everyone happy.
 
Ease of use, high-quality user interface, seamless integration with Safari, all my license files and PDF receipts I had stored in 1P, and more. But my list wasn't actually meant to refer to Bitwarden alone. I meant that all of the 1Password alternates suffer from one shortcoming or another compared to 1P. Bitwarden was OK, I settled on trying it because it is free, but certainly not because it's the best.

Gotcha. I've only been using the Chrome plug-in so I don't know how it integrates with Safari. You can store files if you choose the $10 a year plan.
 
"If you use this popular password manager, all of your passwords may have been stolen" (BGR)

Now there is an article that catches your attention.
 
Oh oh. Another one. I better stop reading this stuff.
Kaspersky

I'd have to say that the Kaspersky issue isn't as bad as the PasswordState or other cloud-based password managers. Bruteforcing is a problem, but even with that, you're still in control of the passwords that you have and where they are located. The issue we are worried about is if those passwords are kept in a third party location (read: cloud based servers). If they get compromised there, that compromises all of the passwords you have.

BL.
 
I've been coming here for years but have never posted. I've been using 1Password for many years, but this morning I found a password manager that blew me away. It's called Minimalist: https://minimalistpassword.com/ I downloaded it, paid for it, and really think it's a winner. Still young, but it's going places.
 
I’m currently using 1Password and have 2fa enabled for sites that support it. If I change from 1Password to another system that also supports 2fa, will I need to disable them in 1Password first, then re-enable them in whatever new system I end up using?

Thanks.
 

What I did was leave them alone in 1Password, disable 2FA on the service (which might require you to enter a TOTP code from 1Password), re-enable 2FA on the service and store the new key for TOTP codes in the new password manager.
 

That makes more sense, thanks.
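
What "the key for TOTP codes" in the exchange above refers to, as an added example that is not part of any post in the thread: an RFC 6238 code is computed only from the shared key and the clock, so once a service enrolls a new key, codes from the entry holding the old key stop validating. The function names are illustrative and both keys are constructed samples (the old one is the published RFC 6238 test key).

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded shared key."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", max(0, unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def service_accepts(enrolled_key_b32: str, code: str, unix_time: int,
                    window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the current time step plus/minus `window` steps."""
    return any(
        hmac.compare_digest(totp(enrolled_key_b32, unix_time + d * step), code)
        for d in range(-window, window + 1)
    )


# Constructed sample keys (never use these for a real account).
OLD_KEY = base64.b32encode(b"12345678901234567890").decode()  # RFC 6238 test key
NEW_KEY = base64.b32encode(b"constructed-new-key!").decode()  # issued on re-enrollment


def migration_demo(now: int) -> dict:
    """Compare codes from the old manager entry and the new one after re-enrollment."""
    old_code = totp(OLD_KEY, now)  # entry left behind in the old manager
    new_code = totp(NEW_KEY, now)  # entry stored in the new manager
    return {
        "old_code_ok_before_reenroll": service_accepts(OLD_KEY, old_code, now),
        "old_code_ok_after_reenroll": service_accepts(NEW_KEY, old_code, now),
        "new_code_ok_after_reenroll": service_accepts(NEW_KEY, new_code, now),
    }


if __name__ == "__main__":
    print(migration_demo(59))
```
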
 
I wonder why no one is considering EnPass? It's the closest thing to 1Password I found.

I've tried several of the recommended alternatives from this thread in the last few weeks. I eventually ended up with BitWarden—which I don't like at all, but I find it to be the best alternative. That being said:
  • If I'm going to pay a subscription, I might as well stay with 1Password.
  • If I have to give up a bunch of features, I might as well stay with 1Password.
  • If the app is so cumbersome to use, and the Safari plugin crashes constantly, I might as well stay with 1Password.
  • If there is a complete lack of background info and history on the product, the company/developer behind it, I might as well stay with 1Password.
In short, the more alternatives I look at and use, the more I'm likely to stay with 1Password.

I find it a bit worrying that no app checks all the boxes like 1Password; that is not usually the case with competing products. I wonder if 1Password has achieved something that others cannot and truly deserves the subscription. I wanted to like Bitwarden but the GUI is too ugly for me. Which managers did you find stability issues with?

I’m currently using 1Password and have 2fa enabled for sites that support it. If I change from 1Password to another system that also supports 2fa, will I need to disable them in 1Password first, then re-enable them in whatever new system I end up using?

Thanks.

Why would you trust 2FA to an app? If you lose access to it or something, that's it, you are locked out. At least with the SMS system you can always get a replacement SIM and a new phone.
 
  • If I'm going to pay a subscription, I might as well stay with 1Password.
  • If I have to give up a bunch of features, I might as well stay with 1Password.
  • If the app is so cumbersome to use, and the Safari plugin crashes constantly, I might as well stay with 1Password.
  • If there is a complete lack of background info and history on the product, the company/developer behind it, I might as well stay with 1Password.
And this is why I'm sticking with 1Password. I've tried a number of them and none offer the features, flexibility and ease of use that 1Password offers.
 
I wonder why no one is considering EnPass? It's the closest thing to 1Password I found.

I find it a bit worrying that no app checks all the boxes like 1Password; that is not usually the case with competing products. I wonder if 1Password has achieved something that others cannot and truly deserves the subscription. I wanted to like Bitwarden but the GUI is too ugly for me. Which managers did you find stability issues with?

Why would you trust 2FA to an app? If you lose access to it or something, that's it, you are locked out. At least with the SMS system you can always get a replacement SIM and a new phone.

Someone correct me if I'm wrong here, but I thought that it also was an Electron app, plus I've read that to sync between devices, iCloud is required, but I also read that either a cloud-based service or a WiFi connection is required.

BL.
 
And just as quickly as I thought I might stick with 1Password, I switched to Minimalist. $60 one time purchase, easy to use (perhaps easier than 1P), a nice clean interface, no stupid Safari extension to deal with, and it works perfectly with iOS and iPad OS.
 
I couldn't agree with you more. It's very Mac-like. I emailed the developer and was told a lot of improvements are coming, such as encrypted backups, and the category section is being rebuilt to make it more user friendly, along with other improvements.
 
On topic (cough)... I'm loving KeePassXC and iCloud :D Been using it for weeks now. That and keychain - seems to be doing everything I need it to do for now.

My method of choice too.
Keychain for general internet use, and have KeePassXC on the laptop and KeePassium on the iPhone to match. Easy enough and no subscription.
 
How does it paste passwords into the browser then?
It works through Safari's auto fill just as if you were using Keychain. Check auto fill in Safari preferences and that will bring up Minimalist at your sign-on page. There is a free trial using 10 passwords only; that's how I ran it before I purchased it.
 
Thanks, it's not cross-platform, so it's not a tool that fits my needs, but I was curious as to how it would work without an extension.
 