1Password migrants thread

[Huntn]

My understanding is that for Bitwarden, if you go with their free option, your vaults are stored with them. If you use their freemium options (pay per year), you get the option to host the vault yourself on some hosting platform. Dropbox, iCloud, Google Cloud, etc., won't be possible from what I am reading, as the minimum requirements for self hosting your vault requires Docker.

Linux Standard Deployment | Bitwarden Help Center

This article guides you through the process of installing and deploying the Bitwarden password manager to a Linux server.

bitwarden.com

If you can't or aren't savvy or comfortable in getting that installed and configured, Bitwarden may not be a suitable option.

BL.

Actually I am used to having a vault with 1Password on dropbox, but I don't remember what I had to do to create it. After looking at your link, it appears that I would have to do more with Bitwarden, (that looks complicated to me) then I did with 1Password...👀

 

[Huntn]

Exactly. I actually looked at this recently in their help section. If your paid account lapses you can still access things that would be available in the free version, such as your passwords. It will not generate 2FA codes for you as that is a paid option.

At this point it seems that the only thing making me hesitate jumping on Bitwarden is having to set up a server on dropbox. I looked over @bradl's link in post #428 and that seemed to be more than I wanted to tackle. I think in 1Password, it was just select the service you want, log in and the password software did the rest creating a vault.

Maybe Apple or Dropbox will come through for us, but I'd want cross platform compatibility that if Apple was smart, they would include that.

So here is my list of demands: Is there a program up to the challenge?

• I want a (simple) stand alone vault option via something like dropbox.
• I want no subscription, although I'd pay $10 per year if I had too.
• I want Mac, iOS, and PC compatibility along with browser extensions.

 

[bradl]

Actually I am used to having a vault with 1Password on dropbox, but I don't remember what I had to do to create it. After looking at your link, it appears that I would have to do more with Bitwarden, (that looks complicated to me) then I did with 1Password...👀

Yep.. that's what was turning a lot of people away from Bitwarden. I mean, I'm savvy enough to create a VM and install Docker on it. I could even do that on my Synology NAS sitting next to me. But I'm not wanting to expose my NAS publicly just to host a vault containing my passwords publicly. I could even keep it behind my firewall, but their method of self hosting is like using the pythagorean theorem to explain angles instead of pointing one arm straight and another arm up and saying "here's an angle!". It isn't as easy as it sounds, and I'm not wanting to build yet another Linux box to hold something personal like a vault when we already have a vault now.

BL.

 

[toasted ICT]

I want Mac, iOS, and PC compatibility along with browser extensions.

Suggest just use Safeincloud. It will solve your immediate problems and you can keep looking at your leisure.

As easy as it is, I dont want to run up a server just to host my own passwords either... Bitwarden is a no go for me.

Yes safeincloud is a small developer but they have been operating since 2012.

(Sorry for repeating) for what its worth, I used it for 2 years no problem, during that time I conversed with the developer support...all ok.

After more than a decade with 1password I got sick of the snarky attitude and I could see where they were heading - so I moved....the last 2 years I was using Safeincloud and had no problems.... its a small Moscow based developer but has been going since 2012 no issues.

I only stopped using it cause I no longer need PC support and I really like the smaller risk footprint of Strongbox - no browser extensions

 

[toasted ICT]

If all else fails...just dont, DO NOT, use 1Password. (don't just give up and use 1P8)

At least move to another big corporate happy to supply you service : Dashlane or Lastpass assuming you:

1/ Dont care about storing all you secrets, bank accounts, credit cards etc on the developers server (its your data and your risk),
2/ dont care about the cost and
3/ are happy to pay monthly subscriptions


Just dont use 1Password.

Their Electron app is far worse, (performance, GUI, security of Electron app- just google to confirm)
They have condesending snarky "support" people (just read their forum)
In my honest opinion the developers cannot be trusted any more. Just try this for example: without notice updates remove features from existing 1Password 7 users.

And this is happening: new 1Password update for iOS 15 doesn't work for standalone vaults, only subscriptions.

 

[bradl]

If all else fails...just dont, DO NOT, use 1Password.

At least move to another big corporate happy to supply you service : Dashlane or Lastpass assuming you:

1/ Dont care about storing all you secrets, bank accounts, credit cards etc on the developers server (its your data and your risk),
2/ dont care about the cost and
3/ are happy to pay monthly subscriptions


Just dont use 1Password.

Their Electron app is far worse, (performance, GUI, security of Electron app- just google to confirm)
They have condesending snarky "support" people (just read their forum)
In my honest opinion the developers cannot be trusted any more. Just try this for example: without notice updates remove features from existing 1Password 7 users.

I wouldn't say this necessarily. I mean, if someone already has a standalone license for 1Password 7 or older, why not continue to use it? Anything newer or that requires a subscription is the issue. People can still be positively content with 1Password 7 with their standalone license and local vault, and can use that in perpetuity. Those with 1Password 6 can do the same until Rosetta 2 no longer works. I mean, I've been on 1Password 3 through 1Password 6, without a single problem.

AgileBits does have 1Password 7 in both x86 and Silicon formats; those with that 1Password 7 license can continue as they may on either Mac, or even can switch from Intel to Silicon, download the binary again for Silicon, and continue merrily on their way, oblivious to anything AgileBits is doing.

BL.

BL.

 

[MacBH928]

I think Roboform does not support local vaults, why so many rely on the cloud even for free tiers? Is having a local vault that difficult to do?

Bitwarden is no longer an option for me , I am not setting up a server just to sync passwords.

I am really thinking 1Password is truly evil, they knew there was no exactly replcement for their app . Each other option had caveat so they felt brave enough to push the subscription model. They are twisting the arms of the consumer. I was even ok with them hiding the license option.

The Case for Limiting Your Browser Extensions

I still didn't read the article, but maybe this is for super secure areas like the army but 10s of millions of people are using many password manger plugins for many years and no one is complaining?!

Thanks for doing all that research and posting it! I will consider them.

What I need is a reasonably priced, cross-platform solution that won’t bog my computer down. And where data isn’t forced in the cloud and has a family option so that others in family can have their own passwords but we can have shared ones as well for things like streaming music subscriptions, financial and bill accounts in case something happens to one of us...that kind of thing. Also don’t want a super small developer that might be unreliable down the road.

EnPass does all of that . I do not know why everyone is considering everything except them. As for the development team I am not sure how large it is but I think its more than 1 man.

With Strongbox, you can use FaceID and separate PIN CODES for the app and database before you gain access, which is what I do. It makes it a lot more secure on the device, versus 1Password.

Strongbox caveat is its Apple only. It could work but if I was going to move to a password manager I might as well move to a crossplatform one.

Can anyone confirm that Bitwarden allows the use of private vaults? Reviewing my notes, the last time I tried it, in 2020 I decided against it because it did not offer the ability to use private vaults... I could be confused.

Does anyone have a list of password managers that feature user setup vaults that are not on the company's server?

I already mentioned the ones earlier on for you. EnPass is the closest thing to 1Password.

If all else fails...just dont, DO NOT, use 1Password.

At least move to another big corporate happy to supply you service : Dashlane or Lastpass assuming you:

1/ Dont care about storing all you secrets, bank accounts, credit cards etc on the developers server (its your data and your risk),
2/ dont care about the cost and
3/ are happy to pay monthly subscriptions


Just dont use 1Password.

Their Electron app is far worse, (performance, GUI, security of Electron app- just google to confirm)
They have condesending snarky "support" people (just read their forum)
In my honest opinion the developers cannot be trusted any more. Just try this for example: without notice updates remove features from existing 1Password 7 users.

If Electron app is so bad, why do they keep using it? I don't understand. Especially 1password that does have the resources to build native apps. In fact they have been doing so for that past 15 years or so.

 

[bradl]

If Electron app is so bad, why do they keep using it? I don't understand. Especially 1password that does have the resources to build native apps. In fact they have been doing so for that past 15 years or so.

They realized that they were missing out on a huge market, which was all of the Windows users. Those users were going straight to Lastpass and Keepass as they had no other option. When AB started to port 1Password to being web based, they were able to get into that market, then focus on cross platform ability. Now they are just going that way full stop, leaving out anything native.

I wonder if there is a free IDE available for Windows, so I can see how the Enpass binary there is compiled. It's obvious that they compiled it dynamically for Linux and statically for MacOS, so it has me wondering if they also compiled it statically for Windows. If they did, then it's the same codebase all around, meaning that there shouldn't have been a problem if AgileBits standardized on a given language/library base, and compiled 1Password against that for each environment they would be running. That would have made things much easier to maintain, plus use less resources than Electron would.

BL.

 

[Huntn]

Suggest just use Safeincloud. It will solve your immediate problems and you can keep looking at your leisure.

As easy as it is, I dont want to run up a server just to host my own passwords either... Bitwarden is a no go for me.

Yes safeincloud is a small developer but they have been operating since 2012.

(Sorry for repeating) for what its worth, I used it for 2 years no problem, during that time I conversed with the developer support...all ok.



I only stopped using it cause I no longer need PC support and I really like the smaller risk footprint of Strongbox - no browser extensions

• For myself, a private vault is top priority, would prefer not to compromise.
• Compromise 1- And I could give up cross platform compatibility, and just stick a Mac program.
• Compromise 2- Browser extensions are a convenience which neither Strongbox or Safeincloud offer. You get spoiled with that feature, does it represent liability? If worse comes to worse I could put up without that feature if I had too.

 

[Huntn]

I wouldn't say this necessarily. I mean, if someone already has a standalone license for 1Password 7 or older, why not continue to use it? Anything newer or that requires a subscription is the issue. People can still be positively content with 1Password 7 with their standalone license and local vault, and can use that in perpetuity. Those with 1Password 6 can do the same until Rosetta 2 no longer works. I mean, I've been on 1Password 3 through 1Password 6, without a single problem.

AgileBits does have 1Password 7 in both x86 and Silicon formats; those with that 1Password 7 license can continue as they may on either Mac, or even can switch from Intel to Silicon, download the binary again for Silicon, and continue merrily on their way, oblivious to anything AgileBits is doing.

BL.

BL.

Except I got a message in iOS having not upgraded past 1Password 7 that private vaults are no longer supported, so until I test it, I assume this means no more Safari browser integration, however I can still use my vault to pull up the passwords and copy paste them.

 

[Huntn]

I think Roboform does not support local vaults, why so many rely on the cloud even for free tiers? Is having a local vault that difficult to do?

Bitwarden is no longer an option for me , I am not setting up a server just to sync passwords.

I am really thinking 1Password is truly evil, they knew there was no exactly replcement for their app . Each other option had caveat so they felt brave enough to push the subscription model. They are twisting the arms of the consumer. I was even ok with them hiding the license option.



I still didn't read the article, but maybe this is for super secure areas like the army but 10s of millions of people are using many password manger plugins for many years and no one is complaining?!



EnPass does all of that . I do not know why everyone is considering everything except them. As for the development team I am not sure how large it is but I think its more than 1 man.



Strongbox caveat is its Apple only. It could work but if I was going to move to a password manager I might as well move to a crossplatform one.



I already mentioned the ones earlier on for you. EnPass is the closest thing to 1Password.



If Electron app is so bad, why do they keep using it? I don't understand. Especially 1password that does have the resources to build native apps. In fact they have been doing so for that past 15 years or so.

I see Enpass offers a lifetime license for $80. I’ll assume for just the current version number. I’ll consider this.

 

[toasted ICT]

• For myself, a private vault is top priority, would prefer not to compromise.
• Compromise 1- And I could give up cross platform compatibility, and just stick a Mac program.
• Compromise 2- Browser extensions are a convenience which neither Strongbox or Safeincloud offer. You get spoiled with that feature, does it represent liability? If worse comes to worse I could put up without that feature if I had too.

Safeincloud is cross platform - PC, Mac, iphone and ipad
Strongbox doesn't need a browser extension it uses Apples Autofill.
Both safeincloud and strongbox will automatically fill usernames and passwords into the browsers website.
No compromise

 

[Huntn]

Safeincloud is cross platform - PC, Mac, iphone and ipad
Strongbox doesn't need a browser extension it uses Apples Autofill.
Both safeincloud and strongbox will automatically fill usernames and passwords into the browsers website.
No compromise

I did not realize, thanks, will look at these again.

 

[bukalemun]

If you are only using Apple devices, the new iCloud Keychain on iOS 15 and Safari 15 is a great alternative with 2FA support. I moved all my 2FA from 1Password to Keychain, backing up the TOTP QR Codes while at it and I am very happy with the result. Obviously this has very limited cross platform capability but for Apple devices, it is the perfect solution.

 

[CMoore515]

Those who use Secrets:

How is it overall? I’m very curious to try it out, but I’m hesitant to spend the $20-$40 to unlock full features without hearing opinions.

 

[bradl]

Except I got a message in iOS having not upgraded past 1Password 7 that private vaults are no longer supported, so until I test it, I assume this means no more Safari browser integration, however I can still use my vault to pull up the passwords and copy paste them.

In iOS, correct; especially iOS 15. I haven't updated to iOS 15, let alone 1Password 7.8 on the only device that I could use it with, which is my iPhone (I have my iPad mini 4 still on iOS 10.3.3, and 1Password 8 and higher requires High Sierra, which is horribly supported on my Mac, while Sierra has been solid. So I can't update either my Mac nor my iPad, so they are still on 1Password 6 and 1Password 6.x, respectfully. Only my iPhone 11 is on 1Password 7.7.8, and with that warning, I haven't updated it to 7.8 for fear of losing access to my vaults.

For me, each one of my devices are going to stay where they are at until I find an alternative that suits my needs.

BL.

 

[MadeTheSwitch]

In iOS, correct; especially iOS 15. I haven't updated to iOS 15, let alone 1Password 7.8 on the only device that I could use it with, which is my iPhone (I have my iPad mini 4 still on iOS 10.3.3, and 1Password 8 and higher requires High Sierra, which is horribly supported on my Mac, while Sierra has been solid. So I can't update either my Mac nor my iPad, so they are still on 1Password 6 and 1Password 6.x, respectfully. Only my iPhone 11 is on 1Password 7.7.8, and with that warning, I haven't updated it to 7.8 for fear of losing access to my vaults.

For me, each one of my devices are going to stay where they are at until I find an alternative that suits my needs.

BL.

I think as time goes on you are going to find it more and more challenging to find apps that support Sierra and iOS 10, considering they are 5 years old. I see more and more iOS apps of all types requiring iOS 13 as a baseline for whatever reason. Even my health provider app just made that the requirement as did a video app I use. Others require 12 or 12.5 like my bank and my security cam app. Something to consider.

 

[bradl]

I think as time goes on you are going to find it more and more challenging to find apps that support Sierra and iOS 10, considering they are 5 years old. I see more and more iOS apps of all types requiring iOS 13 as a baseline for whatever reason. Even my health provider app just made that the requirement as did a video app I use. Others require 12 or 12.5 like my bank and my security cam app. Something to consider.

Oh, I know; hence the other posts I've made in this thread regarding 1Password 7. I'm looking at getting the next MBP that comes out, regardless. I'm only holding out for those, so I'm stuck on Sierra until this Mac dies or I upgrade. That's why I was hoping that AgileBits was still allowing users to purchase standalone licenses, so I could just simply upgrade to 1Password 7 for x86_64, import in my vault, and then be set until the next Macs come out. When they did, I'd simply redownload the Silicon app, reinstall, reenter my license, and be off and going.

But alas, AgileBits shut down the server handling licenses, so I'm screwed.

As far as my iPad goes, because I still have some classic games on it that still rely on 32bit libraries, it isn't going past 10.3.3. That's why after that Mac, my next purchase is the iPad mini 6. I have 1Password 7.7.8 sitting in my Apps Library, so I can simply restore that new iPad from backups, and I'm set there.

In short, I have an upgrade path, but unfortunately, AgileBits forced our hands with for looking for alternatives.

BL.

 

[MacBH928]

They realized that they were missing out on a huge market, which was all of the Windows users. Those users were going straight to Lastpass and Keepass as they had no other option. When AB started to port 1Password to being web based, they were able to get into that market, then focus on cross platform ability. Now they are just going that way full stop, leaving out anything native.

I wonder if there is a free IDE available for Windows, so I can see how the Enpass binary there is compiled. It's obvious that they compiled it dynamically for Linux and statically for MacOS, so it has me wondering if they also compiled it statically for Windows. If they did, then it's the same codebase all around, meaning that there shouldn't have been a problem if AgileBits standardized on a given language/library base, and compiled 1Password against that for each environment they would be running. That would have made things much easier to maintain, plus use less resources than Electron would.

BL.

well I don't understand all of that but my only guess they are using electron so they save money on building a native app for each platform. They are evil!

I see Enpass offers a lifetime license for $80. I’ll assume for just the current version number. I’ll consider this.

Well obviousely, I don't assume people who paid for Office '98 are still getting upgrades. I think each app sold should come with at least 5 years security/bug-fix updates and at least 2-3 years of features updates

 

[bradl]

well I don't understand all of that but my only guess they are using electron so they save money on building a native app for each platform. They are evil!

Basically what this means is that they started to cater to a broader user base (the Windows users) to bring in more money. And because they wanted to save money by not having 4 separate teams code the same application 4 times (for MacOS, Windows, Linux, ChromeOS) which would cost a lot of money for keeping each team, they consolidated it all, to code it under one portable language.

To say that that is evil, however, is a bit disingenuous. Java-based applications are the same way. Swift was developed to be portable as well. The very browser you are using is done the same way. So if you want to throw the "evil" moniker around, you may as well throw away your computer, because every hardware and software company has done the same thing over the past 30 years.

Well obviousely, I don't assume people who paid for Office '98 are still getting upgrades. I think each app sold should come with at least 5 years security/bug-fix updates and at least 2-3 years of features updates

Not for nothing, but after I did my last Time Machine restore to my MBA, as soon as I brought it online, The Mac App Store saw that I was a few revisions behind on 1Password 6, and had the updates available for me to download. That TM restore was done a little over 8 weeks ago.

BL.

 

[MacBH928]

Basically what this means is that they started to cater to a broader user base (the Windows users) to bring in more money. And because they wanted to save money by not having 4 separate teams code the same application 4 times (for MacOS, Windows, Linux, ChromeOS) which would cost a lot of money for keeping each team, they consolidated it all, to code it under one portable language.

To say that that is evil, however, is a bit disingenuous. Java-based applications are the same way. Swift was developed to be portable as well. The very browser you are using is done the same way. So if you want to throw the "evil" moniker around, you may as well throw away your computer, because every hardware and software company has done the same thing over the past 30 years.



Not for nothing, but after I did my last Time Machine restore to my MBA, as soon as I brought it online, The Mac App Store saw that I was a few revisions behind on 1Password 6, and had the updates available for me to download. That TM restore was done a little over 8 weeks ago.

BL.

but Java and Swift do not have the downsides of electron?!

 

[bradl]

but Java and Swift do not have the downsides of electron?!

I never said that they didn't.

Java, in its compiled binary format, was portable to every OS that supported it: Linux, Mac, Windows, SunOS, Solaris, AIX. As long as the JRE was installed, you could compile the binary on Windows, move it over to Solaris, and it would work. However, it was a HUGE resource hog, as when you start the JVM for the application, memory and CPU have to be allocated to it, and any memory used inside that allocated memory does not get freed up back to the JVM until garbage collection is run. So it stays allocated and used until the JVM is shut down. However, such allocation and memory/CPU usage can be controlled.

Swift is object oriented, portable as well, integrates with Objective-C, so you're getting into object oriented programming. However, it does not have the downsides of electron:

1. It is portable, but limited in scope: iOS, MacOS, WatchOS, tvOS. You can compile on one of those environments, move it to another, and will work.
2. Does not have the security or resource contention issues as Electron does.

Again, Swift can be controlled, especially as you'll still be compiling something that is portable.

Electron, is based off of HTML, Cascading Style Sheets (CSS) with HTML, and JavaScript. The security implications are huge:

1. Javascript. Enough said. Insert script kiddie issues here.
2. it runs off of the Chromium engine, which is known to be prone to cross site scripting attacks.
3. Because of Chromium, Electron are simply web-based applications. It requires that engine to exist, meaning you have to have Chromium installed or used.
4. Because of #3, every Electron app comes with its own version of Chromium. Chromium on its own is 20 million lines of code. The Linux kernel is 27.8 million lines of code on its own. Chromium is nearly the size of Linux, and just for an engine.
5. because of #4, you get the resource hog. Each electron app spawns its own version of Chromium, then it has to start the application you're wanting to start. So even something like an app printing "hello World" takes up a good 100MB of space, let alone the memory. Now, look at 1Password, and all of the functionality it needs.

If I were to rank them in order of usage, I'd go with Swift at #1, Java at #25, and Electron at #4,827,955,004,271. Yes, I know there aren't that many programming languages in the world; I'd make some of them up, let alone call up some that haven't seen the light of day since they were first used. Hell, I'd use Logo before Electron, because Turtle Graphics.

Turtle graphics - Wikipedia

en.wikipedia.org

BL.

 

[toasted ICT]

Electron, is based off of HTML, Cascading Style Sheets (CSS) with HTML, and JavaScript. The security implications are huge:

Yep its ideally suited to be Agile Bits new platform for their new wonderfully secure password manager.
I wonder what AB use as their corporate moto these days "your data, your risk, my profit" ?

 

[Huntn]

I’m looking at DataVault it seems to have everything or just about everything I’m looking for.
Any objections?

• Stand alone vault option via something like dropbox.
• No subscription, although I'd pay $10 per year if I had too. As is it’s $10 for Mac version, $10 iOS version (covers multiple iOS devices) and $10 PC version.
• I want Mac, iOS, and PC compatibility.
• Browser extensions.
• 2FA (unconfirmed)
• And they offer a competitive upgrade from 1Password. Have emailed them for info on this.

FAQ - DataVault for Mac

Frequently Asked Questions (FAQ) - DataVault Password Manager for Mac

ascendo.co

 

[bradl]

I’m looking at DataVault it seems to have everything or just about everything I’m looking for.
Any objections?

• Stand alone vault option via something like dropbox.
• No subscription, although I'd pay $10 per year if I had too. As is it’s $10 for Mac version, $10 iOS version (covers multiple iOS devices) and $10 PC version.
• I want Mac, iOS, and PC compatibility.
• Browser extensions.
• 2FA (unconfirmed)
• And they offer a competitive upgrade from 1Password. Have emailed them for info on this.

FAQ - DataVault for Mac

Frequently Asked Questions (FAQ) - DataVault Password Manager for Mac

ascendo.co

This would do it for me as well, if we also have the option to store the vault locally, so it wouldn't have to be in a cloud-based service.

EDIT: Looks like it can be stored locally. Just read the user manual. And the good part about these is that they are all one-time purchases. It does seem kind of tricky, but explanatory:

1. You have to purchase the app, whether for iOS or for MacOS they are $10 each. You can also purchase the Windows client from their site, for $19.95.
2. The purchase comes with a license code, which will also be the registration key for Windows.

Other than that, as well as that most reviews bagging it are from 3-4 years ago, it does look good, as the company appears to make other applications as well. thanks to IANA wanting to be money-grubbing, it's hard to tell if this company is truly from Colombia or not.

BL.