1Password migrants thread

[bradl]

Are you sure EnPass is Electron?

Hmmmm.....there seems to be a lot of confusion out there on this issue. I have seen references by users on various places on the internet saying it does, however there is a very recent post by an enpass team member saying it doesn’t when someone asked:



Now, I have seen a number of post raising some security concerns with the other third party tools they have relied on in the past, but electron does not seem to be one of them and I don’t even know if those issues raised earlier even exist anymore. So I am not quite sure what to think about enpass at the moment. There doesn’t seem to be a whole lot of info to dig into compared to say, 1password. I don’t know if that is because of transparency issues or just less users or what. But I do know info seems harder to come by.

I can actually confirm that Enpass is NOT an Electron app. It is easy for anyone else to confirm as well, though it requires using the CLI to do so.

From Linux, after downloading their portable app, I could change directories to where the binary is located, and run a:

file /path/to/EnpassPortable

Which will tell you the type of file the binary is, which should be an x86_64 executable. Additionally, you can run:

ldd /path/to/EnpassPortable

Where "/path/to" is the path where you have downloaded and untarred the package containing the program. If you have all of the libraries installed (your Linux distro should include the QT library suite; if it doesn't, that can be downloaded), you will see all of the libraries used in compiling the binary.

On MacOS, when the app is installed, it should install itself in /Applications/Enpass.app (if from the App Store), or /Applications/EnpassPortable.app (if installed from their website). For this example, I'm using the Portable app. From there, you can run:

file /Applications/EnpassPortable.app/Contents/MacOS/EnpassPortable

Which should tell you if it is an executable. The ldd command doesn't exist for MacOS (at least not natively), so you can run:

otool -L /Applications/EnpassPortable.app/Contents/MacOS/EnpassPortable

which will list all of the libraries used to compile it for MacOS. This all worked for me on Sierra, which is the minimum OS requirement for Enpass. So this should satisfy everyone's issues on if Enpass is Electron or not, and clearly, it is not.

BL.

 

[MacBH928]

I found roboform, it has $100 5 year license albeit I can't tell if this means 5 year rent or 5 year support+updates. Still like $60 cheaper than 1password.

Agree. I subscribed to Bitwarden Premium because I wanted some of the premium features and wanted to support them.

Does Bitwarden have a desktop app? how I sync beetween laptop and iOS?

"Bitwarden" is not a good name for a password manager. Just sayin'.

Why ? I think its beautiful name. it the keeper for your bits.

This thread has made me think. I've been a Lastpass subscriber for years. I've liked it. So I started doing some research and am wondering if anyone has tried sticky password. Supports on device DB, Cloud sync is an option. So is wifi sync. Can run on Mac, Windows, iOS, and Android. Browser plugins for every major browser and then some. Import /export. Free version and subscription model but they have a lifetime subscription too. And you can buy the lifetime elsewhere for a good deal less than what they sell it for.

I'm tempted to try it. Just wondering if anyone else has looked.

Best password manager and free password safe | Sticky Password

Stop forgetting passwords now. With our free password manager, you can log in securely, autofill forms in a second, and use your passwords wherever you go.

www.stickypassword.com

LastPass s shady from what I understand but your suggestion is awesome. This one has everything and it says its been around since 2001 so that assuring. I also found a popular one called Keeper but subscription.

I like to be on the bandwagon on a popular app this way I know the community is large enough that the developers cares and has sustainable business model.

For those who like 1Password but do not want to expose their data to AgileBits servers or do not want to subscribe to their software, they are seeking a poll about self hosting interest for 1Password. If interested please express your interest and hopefully it will make a difference in their approach.

Self-hosted 1Password kick-starter | 1Password

survey.1password.com

HA! They think we are begging them to bring back local vaults. Lets abandon them, make their employees lose job and jump ship, and their investors lose money. No way I am supporting this evil and dark pattern company again. We can survive just enough without them. I wish most users would jump on 1 other specific app so it because its arch nemesis.

 

[MacBH928]

looks like EnPass for me

 

[MisterSavage]

Does Bitwarden have a desktop app? how I sync beetween laptop and iOS?

It has a desktop app for all major OS (including Mac and Linux). There's even a command line version! I am going to be frank here. The Mac desktop version is ugly as hell and I believe it's an electron app also. When I first saw it I almost decided against BW right there. However, I don't use it 95% of the time I'm using BW on my Mac. I'm always using autofill. To make changes to an item or add an item I use the browser extension, which I really like. You don't have to do anything to sync between laptop or iOS because they both pull from the same vault (which you either self-host or put on bitwarden.com).

 

[baas]

Switched from 1Password v6 to Bitwarden. Liking it so far after a couple of weeks use. It's not as polished as 1P but for me a password manager just needs to do the fundamentals right, as bitwarden does.
Macbook Air 2018 with Mojave and iPhone 12 ios 14.8

 

[bradl]

It has a desktop app for all major OS (including Mac and Linux). There's even a command line version! I am going to be frank here. The Mac desktop version is ugly as hell and I believe it's an electron app also. When I first saw it I almost decided against BW right there. However, I don't use it 95% of the time I'm using BW on my Mac. I'm always using autofill. To make changes to an item or add an item I use the browser extension, which I really like. You don't have to do anything to sync between laptop or iOS because they both pull from the same vault (which you either self-host or put on bitwarden.com).

It would be interesting to see the trends for your memory and CPU usage over a given period of time if you run Bitwarden on your Mac without shutting it down, for, say, a week.

BL.

 

[MisterSavage]

It would be interesting to see the trends for your memory and CPU usage over a given period of time if you run Bitwarden on your Mac without shutting it down, for, say, a week.

BL.

I actually rarely run it because the browser extension doesn't need it to be running. I just launched it and it's using 54 MB of memory and 0.5% of my CPU, but who knows what that would be after a week of running it.

 

[bradl]

I actually rarely run it because the browser extension doesn't need it to be running. I just launched it and it's using 54 MB of memory and 0.5% of my CPU, but who knows what that would be after a week of running it.

Interesting. Running the browser extension or in a mini-type version would eliminate the resource issue..

This may be out of scope for the thread, but does anyone know how Electron works, resource wise? I mean, with programs coded in C or C++, once the program terminates, the resources used by that program get returned to the OS. However, with Java, they don't until some type of garbage collection is done. How does Electron work with that? If it returns the resources back to the OS, then I may be okay with running the desktop app just to input new passwords or to sync from the vault to various devices, and that's it.. the rest could be done through the browser extension or a mini version, should Bitwarden have it.

BL.

 

[Huntn]

They aint listening.

Folk have been posting their needs concerns and hopes on Agilebit forum for the last few years. In every instance the requests have met with condescending responses "if only you understood you would see this is the best way"

So, yeah, sure:
- Your data can be kept only on the developers server
- No local vaults
- No icloud, dropbox or any other support
- Reduced security with Electron app
- Reduced performance
- Poorer user experience
- subscription only

No export ability. stop paying and loose your data.

Yes, lets plead with them on their "survey"
Not a chance.

Is 1Password moving away from private vaults? I still have the non subscription version but got a message on iOS- Safari they no longer support individual vaults. This is part of their big monetization scam. I need to see what the circumstance is on Safari for MacOS Catalina. I assume the same.

My summation and question:

• A password manager is not a virus program that depends on regular database updates. You provide the data and they just provide a framework of access.
• This is a money grab by developers and I will resist. How would you like to rent Safari??

I have not read through this entire thread. Is there a good password manager competitor out there that allows you to keep a personal vault and does not demand a subscription? Is there a good alternative by other means?

If necessary I’ll revert to a password file and just copy paste in the needed info and **** them.

 

[MisterSavage]

If it returns the resources back to the OS, then I may be okay with running the desktop app just to input new passwords or to sync from the vault to various devices, and that's it.. the rest could be done through the browser extension or a mini version, should Bitwarden have it.

Just as an FYI you don't have to launch the desktop version to do either of those things.

You can add a new entry for a website with the extension. The nice thing about doing it that way is that the URI and name fields are already filled in based on the website you're on. The extension saves the change to your vault. Your iOS devices will pick up the change without you having to launch the desktop version.

 

[bradl]

Is 1Password moving away from private vaults? I still have the non subscription version but got a message on iOS- Safari they no longer support individual vaults. This is part of their big monetization scam. I need to see what the circumstance is on Safari for MacOS Catalina. I assume the same.

That's correct. No more local/standalone vaults, and no more standalone licenses with 1Password 8 going forward. 1Password 7 is the last version to support standalone vaults, and you can no longer purchase a standalone license. Now, you have to buy a subscription, your vaults are stored on 1Password's servers, and is still not known that should you cancel your subscription if 1Password will delete your data.

My summation and question:

• A password manager is not a virus program that depends on regular database updates. You provide the data and they just provide a framework of access.
• This is a money grab by developers and I will resist. How would you like to rent Safari??

I have not read through this entire thread. Is there a good password manager competitor out there that allows you to keep a personal vault and does not demand a subscription? Is there a good alternative by other means?

There are a list of alternatives, but seeing that most people have different requirements, each person may go with something completely different to another. For example, some of those alternatives are:

• Bitwarden
• Enpass
• Strongbox
• SafeInCloud
• Secrets
• Minimalist
• KeePass/KeePassium/KeePassXC, etc.
• WiFi sync/sync to whatever cloud service you prefer.

Plus many more. General consensus is that most people are looking for:

• Standalone/local vaults, if not local vaults on NAS-like devices via WebDAV
• Standalone licenses
• cross-platform devices (Mac, Windows, iOS, etc.)
• Native app. Not coded in Electron
• supported.

Some of the apps we've seen are either 1-man shops or may or may not have decent support. So far, the top ones I've seen are Enpass, Bitwarden, and a combination of KeePass* apps. SafeInCloud would be a good alternative, but no-one knows anything about the developer, and he's a 1-man shop.

If necessary I’ll revert to a password file and just copy paste in the needed info and **** them.

We're all on the bubble right now and are hoping to have time to figure out which ones would work the best, but with the 1Password 7.8 iOS app being released, they are forcing everyone's hand.

BL.

 

[Huntn]

That's correct. No more local/standalone vaults, and no more standalone licenses with 1Password 8 going forward. 1Password 7 is the last version to support standalone vaults, and you can no longer purchase a standalone license. Now, you have to buy a subscription, your vaults are stored on 1Password's servers, and is still not known that should you cancel your subscription if 1Password will delete your data.



There are a list of alternatives, but seeing that most people have different requirements, each person may go with something completely different to another. For example, some of those alternatives are:

• Bitwarden
• Enpass
• Strongbox
• SafeInCloud
• Secrets
• Minimalist
• KeePass/KeePassium/KeePassXC, etc.
• WiFi sync/sync to whatever cloud service you prefer.

Plus many more. General consensus is that most people are looking for:

• Standalone/local vaults, if not local vaults on NAS-like devices via WebDAV
• Standalone licenses
• cross-platform devices (Mac, Windows, iOS, etc.)
• Native app. Not coded in Electron
• supported.

Some of the apps we've seen are either 1-man shops or may or may not have decent support. So far, the top ones I've seen are Enpass, Bitwarden, and a combination of KeePass* apps. SafeInCloud would be a good alternative, but no-one knows anything about the developer, and he's a 1-man shop.



We're all on the bubble right now and are hoping to have time to figure out which ones would work the best, but with the 1Password 7.8 iOS app being released, they are forcing everyone's hand.

BL.

I agree with the consensus.
Don’t some in your list require subscriptions?
How about stand alone vaults?
When I see this update on my Mac I won’t update it unless I already did. 🤔 If so, vaults may no longer be supported on iOS Safari, but it looks like my vault is still updating to my device IPasswird apps.

I just read this wired article and they recommended keepassxc, I‘ll just ignore that 1Password was listed first, a subscription is bad enough, there is no way in hell I am going to a 1Password server to store my passwords. 👎

The Best Password Managers to Secure Your Digital Life

Keep your logins locked down with our favorite password management apps for PC, Mac, Android, iPhone, and web browsers.

www.wired.com

More links:

KeePassXC Review: Pros & Cons, Features, Ratings, Pricing and more

A good option for tech-savvy Linux users, but not suitable for most people

www.techradar.com

RyanNickel.com - Migrating from 1Password to KeePassXC

Getting Started With KeePassXC

2020 UPDATE: The guide below was written back in 2017. While it still may be helpful to some, KeePassXC has changed quite a bit in the last three years, both in functionality and aesthetics (almost universally for the better!). Since this guide may be out-of-date, I’d recommend their new...

sts10.github.io

https://keepassxc.org/docs/KeePassXC_GettingStarted.html

 

[toasted ICT]

Bit of an update...

I am using Strongbox for nearly 2 months now as my primary (only) password manager....really worth trying if your on macOS / iOS

After more than a decade with 1password I got sick of the snarky attitude and I could see where they were heading - so I moved....the last 2 years I was using Safeincloud and had no problems.... its a small Moscow based developer but has been going since 2012 no issues.

But I recently moved again - now on Strongbox because its better than Safeincloud in a few ways and i no longer needed PC support :

1/ Smaller risk footprint - no browser extensions ( yay ! ) - it uses Apple's own Autofill to fill credentials in Safari

2/ Its opensouce based - KeePass

3/ License purchase OR subscription - your choice

4/ Store your database where you want. iCloud, Dropbox, Google Drive and Microsoft Onedrive, Webdav support, sync to desktop on LAN or local on device only. (No mandatory need for MY data to be held only on the developers server at MY risk )

Its a nice GUI and native app too. They have a decent website if your interested. Google "strongboxsafe"

PS: I used 1password For about a decade. I have no relationship with any password management company other than as a paying customer.

 

[MacBH928]

Is 1Password moving away from private vaults? I still have the non subscription version but got a message on iOS- Safari they no longer support individual vaults. This is part of their big monetization scam. I need to see what the circumstance is on Safari for MacOS Catalina. I assume the same.

My summation and question:

• A password manager is not a virus program that depends on regular database updates. You provide the data and they just provide a framework of access.
• This is a money grab by developers and I will resist. How would you like to rent Safari??

I have not read through this entire thread. Is there a good password manager competitor out there that allows you to keep a personal vault and does not demand a subscription? Is there a good alternative by other means?

If necessary I’ll revert to a password file and just copy paste in the needed info and **** them.

EnPass: near 1:1 replica of 1password, has license but I am scared they abandon it and turn evil in the future. But they just reintroduced it.

StickyPassword: looks promising but never tried it and don't know much about it.

Roboform:- $100/5 year subscription that turns you into the free tier after that. Not sure if it has local vault.

--If you are on Apple only devices---

-Strongbox
-Minimalist
-SafeInCloud
-Secrets

all small time near 1 developer apps

--FOSS--

ّ-Bitwarden (best imo)
-KeePassXC (Uglist and most difficult password manager I saw)
-Keeweb.io (no mobile apps)
-MacPass

legend has it that all apps based on KeePass use same DB file format and can sync with each other. Extensions, desktop , and smartphone apps. Look at attachment for a list.

Just as an FYI you don't have to launch the desktop version to do either of those things.

You can add a new entry for a website with the extension. The nice thing about doing it that way is that the URI and name fields are already filled in based on the website you're on. The extension saves the change to your vault. Your iOS devices will pick up the change without you having to launch the desktop version.

I need desktop app because then it can run a 1password-mini kind of thing and let me autofill using cmd+\

How does my iOS sync with the DB? In 1password I open 1password iOS and 1Password mac and hit sync and they sync together.

Bit of an update...

I am using Strongbox for nearly 2 months now as my primary (only) password manager....really worth trying if your on macOS / iOS

After more than a decade with 1password I got sick of the snarky attitude and I could see where they were heading - so I moved....the last 2 years I was using Safeincloud and had no problems.... its a small Moscow based developer but has been going since 2012 no issues.

But I recently moved again - now on Strongbox because its better than Safeincloud in a few ways and i no longer needed PC support :

1/ Smaller risk footprint - no browser extensions ( yay ! ) - it uses Apple's own Autofill to fill credentials in Safari

2/ Its opensouce based - KeePass

3/ License purchase OR subscription - your choice

4/ Store your database where you want. iCloud, Dropbox, Google Drive and Microsoft Onedrive, Webdav support, sync to desktop on LAN or local on device only. (No mandatory need for MY data to be held only on the developers server at MY risk )

Its a nice GUI and native app too. They have a decent website if your interested. Google "strongboxsafe"

PS: I used 1password For about a decade. I have no relationship with any password management company other than as a paying customer.

Whats wrong with having a browser extension? Autofill is a MUST for me

 

[toasted ICT]

Whats wrong with having a browser extension? Autofill is a MUST for me

Strongbox does Autofill.
It uses Apple's own Autofill capability, from the operating system, to fill credentials in Safari.
Not having to use a separate browser extension improves security significantly.

Keeping the attack surface of any software environment as small as possible is a basic security measure. Negating the need for browser extensions is sensible design. See The Case for Limiting Your Browser Extensions for example or just Google "browser extension attack surface".

 

[MadeTheSwitch]

I can actually confirm that Enpass is NOT an Electron app. It is easy for anyone else to confirm as well, though it requires using the CLI to do so.

From Linux, after downloading their portable app, I could change directories to where the binary is located, and run a:

file /path/to/EnpassPortable

Which will tell you the type of file the binary is, which should be an x86_64 executable. Additionally, you can run:

ldd /path/to/EnpassPortable

Where "/path/to" is the path where you have downloaded and untarred the package containing the program. If you have all of the libraries installed (your Linux distro should include the QT library suite; if it doesn't, that can be downloaded), you will see all of the libraries used in compiling the binary.

On MacOS, when the app is installed, it should install itself in /Applications/Enpass.app (if from the App Store), or /Applications/EnpassPortable.app (if installed from their website). For this example, I'm using the Portable app. From there, you can run:

file /Applications/EnpassPortable.app/Contents/MacOS/EnpassPortable

Which should tell you if it is an executable. The ldd command doesn't exist for MacOS (at least not natively), so you can run:

otool -L /Applications/EnpassPortable.app/Contents/MacOS/EnpassPortable

which will list all of the libraries used to compile it for MacOS. This all worked for me on Sierra, which is the minimum OS requirement for Enpass. So this should satisfy everyone's issues on if Enpass is Electron or not, and clearly, it is not.

BL.

Thanks for doing all that research and posting it! I will consider them.

What I need is a reasonably priced, cross-platform solution that won’t bog my computer down. And where data isn’t forced in the cloud and has a family option so that others in family can have their own passwords but we can have shared ones as well for things like streaming music subscriptions, financial and bill accounts in case something happens to one of us...that kind of thing. Also don’t want a super small developer that might be unreliable down the road.

 

[Huntn]

I have zeroed in on Bitwarden. Here is the pricing: https://bitwarden.com/pricing/
$10 per year is reasonable, (as I recall 1Password was $60 just to buy), but I’m trying to figure out why I should not go with the free version of Bitwarden. 2Factor Identification with premium (which I am familiar with), I assume is a feature to sign in to your vault or your account? I’d like that. Of note, my current 1Password sign in (which I am about to dump) is a long ass password, but it does not have 2FA either. 🤔

 

[Apple_Robert]

Bit of an update...

I am using Strongbox for nearly 2 months now as my primary (only) password manager....really worth trying if your on macOS / iOS

After more than a decade with 1password I got sick of the snarky attitude and I could see where they were heading - so I moved....the last 2 years I was using Safeincloud and had no problems.... its a small Moscow based developer but has been going since 2012 no issues.

But I recently moved again - now on Strongbox because its better than Safeincloud in a few ways and i no longer needed PC support :

1/ Smaller risk footprint - no browser extensions ( yay ! ) - it uses Apple's own Autofill to fill credentials in Safari

2/ Its opensouce based - KeePass

3/ License purchase OR subscription - your choice

4/ Store your database where you want. iCloud, Dropbox, Google Drive and Microsoft Onedrive, Webdav support, sync to desktop on LAN or local on device only. (No mandatory need for MY data to be held only on the developers server at MY risk )

Its a nice GUI and native app too. They have a decent website if your interested. Google "strongboxsafe"

PS: I used 1password For about a decade. I have no relationship with any password management company other than as a paying customer.

With Strongbox, you can use FaceID and separate PIN CODES for the app and database before you gain access, which is what I do. It makes it a lot more secure on the device, versus 1Password.

 

[Huntn]

Can anyone confirm that Bitwarden allows the use of private vaults? Reviewing my notes, the last time I tried it, in 2020 I decided against it because it did not offer the ability to use private vaults... I could be confused.

Does anyone have a list of password managers that feature user setup vaults that are not on the company's server?

 

[Huntn]

I chose Bitwarden. I've already paid the $10 for the premium for a year and I love it. I agree the UI is a little clunky. The browser plugin is actually my favorite part. I'm using it constantly. Bitwarden gives you the option to self host your passwords if you don't want them in the cloud.

Bitwarden- Your vault on your service (like dropbox) , or Your vault on their server? My impression is that some of the responders in this thread are leaving 1Password because they are dropping support for private vaults. My guess this is a 1Password reinforcing excuse to shove subscriptions down customers' throats? 🤔

 

[MisterSavage]

I have zeroed in on Bitwarden. Here is the pricing: https://bitwarden.com/pricing/
$10 per year is reasonable, (as I recall 1Password was $60 just to buy), but I’m trying to figure out why I should not go with the free version of Bitwarden. 2Factor Identification with premium (which I am familiar with), I assume is a feature to sign in to your vault or your account? I’d like that. Of note, my current 1Password sign in (which I am about to dump) is a long ass password, but it does not have 2FA either. 🤔

The free account is fine for many people. I wanted to support them and get extra features like TOTP codes for 2FA. It's a feature for signing in to *other* sites. For example, could store your Google 2FA codes in Bitwarden.

Can anyone confirm that Bitwarden allows the use of private vaults? Reviewing my notes, the last time I tried it, in 2020 I decided against it because it did not offer the ability to use private vaults... I could be confused.

Does anyone have a list of password managers that feature user setup vaults that are not on the company's server?

Instead of putting your data on Bitwarden's servers you can chose to "self host" with your own server.

Bitwarden- Your vault on your service (like dropbox) , or Your vault on their server? My impression is that some of the responders in this thread are leaving 1Password because they are dropping support for private vaults. My guess this is a 1Password reinforcing excuse to shove subscriptions down customers' throats? 🤔

With the free version you can self host or have your data on their server. If they ever got rid of the free version (which they say they're not going to do) then you could export your data and ditch them.

 

[Huntn]

Maybe its changed or I was doing something wrong, but what turned me off of bitwarden was the lack of integration in the browsers. With 1Password, All I have to do is click on the userid/password field and it will get filled in. For Bitwarden, I had to actively select copy and then paste it into the webpage.

I want integration with browsers too...hmm. There has been some talk about Safeincloud, but I see it lacks Safari integration, and there is the "1 person development team" issue? I guess I'll keep looking.

• I want a stand alone vault option via something like dropbox.
• I want no subscription, although I'd pay $10 per year if I had too.
• I want Mac, iOS, and PC compatibility.

 

[Huntn]

The free account is fine for many people. I wanted to support them and get extra features like TOTP codes for 2FA. It's a feature for signing in to *other* sites. For example, could store your Google 2FA codes in Bitwarden.



Instead of putting your data on Bitwarden's servers you can chose to "self host" with your own server.



With the free version you can self host or have your data on their server. If they ever got rid of the free version (which they say they're not going to do) then you could export your data and ditch them.

Thank you! I would chose to host on my own server, does this include an option to set it up in the cloud, with something like iCloud or dropbox?

I do like 2FA, and don't have an issue with $10 per year to support a decent company. I wonder how your account would be effected if you started as premium, and then let it lapse? I suppose the features like 2FA would just cease to function.l

 

[bradl]

Can anyone confirm that Bitwarden allows the use of private vaults? Reviewing my notes, the last time I tried it, in 2020 I decided against it because it did not offer the ability to use private vaults... I could be confused.

Does anyone have a list of password managers that feature user setup vaults that are not on the company's server?

My understanding is that for Bitwarden, if you go with their free option, your vaults are stored with them. If you use their freemium options (pay per year), you get the option to host the vault yourself on some hosting platform. Dropbox, iCloud, Google Cloud, etc., won't be possible from what I am reading, as the minimum requirements for self hosting your vault requires Docker.

Linux Standard Deployment | Bitwarden Help Center

This article guides you through the process of installing and deploying the Bitwarden password manager to a Linux server.

bitwarden.com

If you can't or aren't savvy or comfortable in getting that installed and configured, Bitwarden may not be a suitable option.

BL.

 

[MisterSavage]

I do like 2FA, and don't have an issue with $10 per year to support a decent company. I wonder how your account would be effected if you started as premium, and then let it lapse? I suppose the features like 2FA would just cease to function.l

Exactly. I actually looked at this recently in their help section. If your paid account lapses you can still access things that would be available in the free version, such as your passwords. It will not generate 2FA codes for you as that is a paid option.