1Password migrants thread

[MacBH928]

@Mr. Heckles , I will prove to you that you are wrong.

60 pages of you trying to justify your choice.

I am not justifying my choice. First page of this thread has like 18 options I listed of which I only use 2. 60 pages of other people leaving 1password and praising their new choice be it Bitwarden, SafeInCloud, or StrongBox.

The I haven’t posted in the tread for a while is because all you do is try to point out all the things that person does wrong if they like and use 1Password. Saying greed, saying people drink kool-Aid, and more. You realize most Android people think Apple users drink the Apple Kool Aid? Some people like expensive cars, some people are happy with a 20 year old beater. Are the people paying $70,000 plus for a car wrong? No. Now is that car maker greedy for charging that much for a car greedy? That’s an opinion.

If you go back to my posts I already said people who want to stick to 1password are free to do so, this thread is not for them. This thread is for 1password migrants , but they are free to join the conversation including yourself and explain why they still favour 1password. I am not closed minded.

Cool, you left 1Password for whatever reason, I couldn’t care less. But if a person says they like it, oh boy, they are wrong in your book. If a person thinks 1Password does something better, that’s their opinion and who are you to judge?

You are wrong again. Go back to my posts I mentioned multiple times 1password has the most polished GUI, a great assistant app which is a must for me and rare offering, and great auto fill. In fact I said multiple times the choice I settled with , EnPass, is subpar to 1password in every way...except its not subscription and does not force me to store my data in their cloud.

Some people say Apple is greedy, maybe they are, but most people on this site like them. What works for them, that’s cool on my book.

Some people pay for Verizon for cell service, some people have Metro or Boost, what works for them is what counts.

I pay for FastMail for email, I can easily use gmail or Outlook for free. If a person pays more for something and they are happy, why do you care?

They can do whatever they want with their money, I am here just to learn, exchange, and spread the knowledge. I myself was subscribed to an ISP that a competitor offered exact or better service for nearly half the price. Have I not known I would have stayed with my original ISP. Similarly , I used to have AdBlock extension until I learned there is a FOSS uBO which is better and does not have paid sponsors to let some ads through.

$5 for lifetime? You realize there is no such thing as lifetime? There is no way that app will work 20 year from now… let alone the rest of my life.

You are wrong again. The app will continue to work as is. I bought a browser called iCab for iOS for like $10 , 10 years ago. It still works and I still receive updates. I bought games on Steam and GOG.com years ago, they still work. I bought an app called Phone view in 2017, still works. Including all cds and games I have bought through out my life which still work on the original hardware or via emulator. I can continue with this.

Try skipping your next month payment for 1password, see if it still works.

I also wouldn’t trust something as important as my passwords to a $5 app. RememBear, a newer password manager that started 6 years ago is shutting down in July of 2023.

That is a fair argument and part of the reason I never went with a 1 developer apps like SafeInCloud or Minimalist but I let people make their own choices. Similarly I wouldn't trust LastPass with my password and that costs $36 a year.

I probably won’t post in here again in this thread, who knows. But to mock people, look down on them, and criticize them for what they use isn’t cool. I tell people to use a password manager, I alao tell them all the options out there. If they go with something different than me, cool, they are using a password manager and headed in the right direction in securing their accounts.

Similarly for me, I have like 18 options listed on the first post of this thread for people to choose from.

I also believe we previously had a conversation where you explained to me how 1password turns out to be actually cheaper than Bitwarden because of the number of users you had setup and I agreed that 1password is best choice for you for your own use case albeit I am not sure If I am confusing you for another member here which is a mistake I could be doing.

 

[MacBH928]

To be fair, there were plenty of us that didn't expect lifetime. I bought a license and it lasted me several years. I would have bought another one but they didn't give us that option any more. Not only that, the same amount of years at the current subscription prices would cost me more than 50% more than what I paid for the previous few years. I shopped around and found another password manager I liked better.

You should expect lifetime and its true. The app will continue to work as is bought. When you buy an app they do not advertise lifetime updates and upgrades but they advertise lifetime ownership. This is a fact.

In the future if you want to get the new feature or upgrades its your choice to purchase a new license or a discounted upgrade option, but the app will continue to work as bought.

I bought Carbon Copy Cloner 4. Then they released a paid version 5. I decided not to upgrade. My version 4 continued to work just like when I bought it. In fact they even gave me free updates until 5 was released + security and fixes updates even after version 5 was released IIRC.

 

[maflynn]

he I haven’t posted in the tread for a while is because all you do is try to point out all the things that person does wrong if they like and use 1Password.

Yeah, I kind of notice that and that's why my participation in the thread has decreased

 

[rembert]

- [...]The reasons I trust Bitwarden is that its FOSS+popular so if there is anything wrong with the code someone will pick it up. Also I felt better about storing the data in the cloud since I learned it gets encrypted locally then the encrypted file is sent to the cloud so even if someone gets his hands on it they can not do much with it. [...]

Don't confuse FOSS+popular with being a guarantee issues will be picked up. It's not.

The local encryption seems nice but what if the browser gets comprimised? Or the operating system? Security audits do focus on this matter. If you're paranoid, just stay away from the browser plugins, whatever password manager you're using.

As an early adopter of 1Password I loved it and even accepted reluctantly to rebuy 1Password a couple of times as it was required with some major upgrade of their software.My love ended with their introduction of the subscription model and their explanation of 150 full time employees needing to be paid. After Bitwarden passed their first security audit I migrated to Bitwarden, as it quite closely resembles the early (and IMO best) versions of 1Password. I couldn't get used to solutions like Lastpass, Dashlane or Enpass.

My favorite feature with 1Password: with the autofill of a username/password combo, the 2FA code is in the scrap, automagically: just paste it. This allows for quick logins, even with 2FA.

Bitwarden made their subscription model less confusing but guess some improvement can be done here. Like many, I'm on a personal premium account (with yubi key support).

 

[bradl]

Don't confuse FOSS+popular with being a guarantee issues will be picked up. It's not.

The local encryption seems nice but what if the browser gets comprimised? Or the operating system? Security audits do focus on this matter. If you're paranoid, just stay away from the browser plugins, whatever password manager you're using.

Those would be out of scope of the password manager. If the browser got compromised, that could be anything from end-user error to insecure network to code. Same goes with the OS. That would be well and truly outside the scope of any password manager, but depending on the type of compromise, should not affect the vault that is encrypted. For example, if Bitwarden encrypts a user's vault successfully, but that vault is susceptible to corruption due to some compromised vulnerability on the filesystem of the OS, the corruption isn't Bitwarden's fault; it's the fault of the vulnerability in the OS.

As an early adopter of 1Password I loved it and even accepted reluctantly to rebuy 1Password a couple of times as it was required with some major upgrade of their software.My love ended with their introduction of the subscription model and their explanation of 150 full time employees needing to be paid. After Bitwarden passed their first security audit I migrated to Bitwarden, as it quite closely resembles the early (and IMO best) versions of 1Password. I couldn't get used to solutions like Lastpass, Dashlane or Enpass.

My favorite feature with 1Password: with the autofill of a username/password combo, the 2FA code is in the scrap, automagically: just paste it. This allows for quick logins, even with 2FA.

Bitwarden made their subscription model less confusing but guess some improvement can be done here. Like many, I'm on a personal premium account (with yubi key support).

If they offered a solution for something like Synology or that could rest on a non-public facing NAS, I'd consider Bitwarden, especially if I could just grab the clients and point it to my NAS as its vault. But if I have to pay a subscription for that, then it's a pass. That's why I went with Enpass. But if Bitwarden goes have a few other offerings, then I could jump on that as well.

BL.

 

[MacBH928]

Yeah, I kind of notice that and that's why my participation in the thread has decreased

This thread is open for everyone to discuss freely. If you do not like me, you do not have to address me. If you do not care about the topic you do not have to participate in it. I do not believe in the ideology of cancel culture where you have to say pleasant things or things that appeal to the public appeal or I will mod/block you. I let everyone speak their minds and accept critism. I have previously defended myself about 1password users choice, and provided a reason to actually choose 1password if you like it. This reason(s), and for most participants of this thread, is not enough to stick with 1PW.

Don't confuse FOSS+popular with being a guarantee issues will be picked up. It's not.

The local encryption seems nice but what if the browser gets comprimised? Or the operating system? Security audits do focus on this matter. If you're paranoid, just stay away from the browser plugins, whatever password manager you're using.

Still better than closed source. A FOSS app issue is more likely to be picked up than a closed source one for the least reason that more eyes are auditing it and reviewing it.

The same critism could be made for all password managers. They all work via an extension except for Codebook, I am not sure how Codebook autofills Safari and it only works on Safari (at least on MacOS). If the OS gets compromised then even your native app won't help you, will it?

If I stay away from browser plugin how can I autofill? Should I be worried about browser plugins/extensions?

As an early adopter of 1Password I loved it and even accepted reluctantly to rebuy 1Password a couple of times as it was required with some major upgrade of their software.My love ended with their introduction of the subscription model and their explanation of 150 full time employees needing to be paid.

Completely agree. I was a major 1PW advocate. I still think its the best password manager out there (the app) but I won't bend to their unethical business practices.

I have a good feeling that those 150 full time employeess are outsourced over shore cheaper developers from southeast Asia like those calling centers. After all, a capitalists main goal is to achieve maximum profit. Those investors who poured $620,000,000 into Agilebits want to see that number multiplied. But yeah... $80 license is not sustainable.

After Bitwarden passed their first security audit I migrated to Bitwarden, as it quite closely resembles the early (and IMO best) versions of 1Password. I couldn't get used to solutions like Lastpass, Dashlane or Enpass.

Enpass is most similar to 1PW but no where as polished 🙁 . What bothered you about the other services? they all work similarly.

My favorite feature with 1Password: with the autofill of a username/password combo, the 2FA code is in the scrap, automagically: just paste it. This allows for quick logins, even with 2FA.

What you mean username/password combo? All passwords managers fill both (i think?)

Bitwarden made their subscription model less confusing but guess some improvement can be done here. Like many, I'm on a personal premium account (with yubi key support).

hard to say no to Bitwarden since it free and even the subscription is only $10/year . I do not use 2FA but will be subscribing in support for their work.

Those would be out of scope of the password manager. If the browser got compromised, that could be anything from end-user error to insecure network to code. Same goes with the OS. That would be well and truly outside the scope of any password manager, but depending on the type of compromise, should not affect the vault that is encrypted. For example, if Bitwarden encrypts a user's vault successfully, but that vault is susceptible to corruption due to some compromised vulnerability on the filesystem of the OS, the corruption isn't Bitwarden's fault; it's the fault of the vulnerability in the OS.

Isn't this mitgated by keeping multiple previous copies of the vault by the password managers? 1PW+Enpass do this not sure about Bitwarden since it stores in the cloud. Well...so does 1PW but I guess all of them have backups.

If they offered a solution for something like Synology or that could rest on a non-public facing NAS, I'd consider Bitwarden, especially if I could just grab the clients and point it to my NAS as its vault. But if I have to pay a subscription for that, then it's a pass. That's why I went with Enpass. But if Bitwarden goes have a few other offerings, then I could jump on that as well.

BL.

I heard there a free modified version of Bitwarden called Vaultwarden. I do not know the difference and the know how but this is what I was told, It was specifically made to not pay for hosting on your own storage.

How do you find Enpass autofill? Bitwarden is much better IMO especially with adding custom fields which is not available in 1PW AFAIK.

 

[MisterSavage]

My favorite feature with 1Password: with the autofill of a username/password combo, the 2FA code is in the scrap, automagically: just paste it. This allows for quick logins, even with 2FA.

FYI, Bitwarden can do that also. I use the Bitwarden keyboard shortcut to fill in the username/password and then on the next screen I can ctrl-v to paste the TOTP code that it placed in the buffer.

 

[bradl]

Isn't this mitgated by keeping multiple previous copies of the vault by the password managers? 1PW+Enpass do this not sure about Bitwarden since it stores in the cloud. Well...so does 1PW but I guess all of them have backups.

It should, yes, especially if you store those vaults in different locations. But if you store that vault locally on your own local machine, and the filesystem corruption or the compromise happens on that drive on that local machine, there goes your vault, and one can't take the chance assuming that the vault is okay. One would have to assume the worst.

Ideally, you'd want to store it in multiple locations, but if that isn't possible, one could use different formatted filesystems on different drives, and store a copy of the vault on each drive. Caveats would apply here: the user would have to make sure that both vaults stay up to date, and that if the local machine is compromised, they are already screwed to begin with.

In my case, I have the vault on my windows client of Enpass (NTFS formatted disk) syncing to my vault on my Mac (APFS), but also storing my vault's backups on my Synology NAS (XFS formatted, in RAID 1).

I heard there a free modified version of Bitwarden called Vaultwarden. I do not know the difference and the know how but this is what I was told, It was specifically made to not pay for hosting on your own storage.

Hmm.. I may have to look into that, but I believe I would still have to build the backend to host everything in addition to having the frontend. While I can do that, I was hoping I wouldn't have to, as no compilers come installed by default for the NAS I have, and would require a new NAS altogether to install Docker.

How do you find Enpass autofill? Bitwarden is much better IMO especially with adding custom fields which is not available in 1PW AFAIK.

It works, albeit a bit wonky. It isn't as smooth as 1PW was, but does get the job done. For that, Enpass can use a bit more work.

BL.

 

[Alwis]

Vaultwarden is an alternative implementation of the Bitwarden server, which is a lot easier to install. It has not all the features of Bitwarden but all the features I need. It can be used with the original Bitwarden apps or via the web interface.

With Vaultwarden you can host your own Bitwarden server locally with just one docker container. As I will never store my password on someone else server this is a huge plus for me. I would not mind paying for it, for me it is all about the location the passwords are stored and the is the main reason why I will not upgrade to 1PW 8.

 

[MacBH928]

Does anyone think 1Password will die ?

I hope! Because I do not support unethical business behaviour but we just have to see how the people will respond in a year or 2. Do they find it still worthy to keep subscribing or new alternatives and current ones could improve so much that they no longer need 1PW? Plus 1PW has an enterprise side to them, so those businesses keep paying. There could be an unexpected reaction and other password managers also move to cloud storage+subscription model and we will then be out of luck and 1PW won't be any worse than the others, so pick your poison.

They could remain as a hated company like FB or Comcast I think, but they could also destroy themselves like Blockbuster, Yahoo, MySpace...

As I am switching everything away from iCloud out of security concerns.. I did give 1pass a try for the last few weeks.. Its honestly not bad... I hate having to pay for something like this... But I do feel that its worth it. I just wish I had something that was self hosted..

Which password manager did you settle on?

 

[MacBH928]

Vaultwarden is an alternative implementation of the Bitwarden server, which is a lot easier to install. It has not all the features of Bitwarden but all the features I need. It can be used with the original Bitwarden apps or via the web interface.

With Vaultwarden you can host your own Bitwarden server locally with just one docker container. As I will never store my password on someone else server this is a huge plus for me. I would not mind paying for it, for me it is all about the location the passwords are stored and the is the main reason why I will not upgrade to 1PW 8.

What does alternative implementation? Did they write their own code to be compatible with Bitwarden or stole the Bitwarden code? Does it work 100% or has issues?

If you do not mind paying why not go with Bitwarden? Or is that too expensive for the single user?

 

[Alwis]

If you do not mind paying why not go with Bitwarden? Or is that too expensive for the single user?

They have their own implementation of the Bitwarden API: https://github.com/dani-garcia/vaultwarden

I am using it because it is easier to setup in a home environment. The Bitwarden self hosting setup is more of a hassle and to heavyweight for my needs.

As any other software it has some bugs: https://github.com/dani-garcia/vaultwarden/issues But my test installation runs without any issues for several month.

As I have a 1PW 7 perpetual license I will stick with this as long as it is supported by new versions of the OS, I like the UI more than Bitwarden. Than I will switch completly to Bitwarden/Vaultwarden.

 

[MacBH928]

Even though I have Strongbox, (lifetime purchase) I went ahead and subscribed to Secure 6 premium for a year at the discounted price of $14.49 for previous version 5 ro users. I appreciate the communication ahead of time about the transition and I don't mind supporting developers who are working hard. After a year, I will re-evaluate msecure's quality of work and communication and support and then make a determination as to whether I will continue supporting at the reduced price for established members.

I believe in having backups of my backups. If something goes wrong with Strongbox or Bitwarden, I should still have access to my vault with msecure.

How is that going? I checked their website, GUI looks nice. Didn't notice if they have local storage. Updates and communication seem far and few in between. Being subscription is immediate no for me. I would have liked to support them but they are not showing much reason for why would one pick on their solution over more active and established ones like 1password.

 

[usualpulp]

They have their own implementation of the Bitwarden API: https://github.com/dani-garcia/vaultwarden

I am using it because it is easier to setup in a home environment. The Bitwarden self hosting setup is more of a hassle and to heavyweight for my needs.

As any other software it has some bugs: https://github.com/dani-garcia/vaultwarden/issues But my test installation runs without any issues for several month.

As I have a 1PW 7 perpetual license I will stick with this as long as it is supported by new versions of the OS, I like the UI more than Bitwarden. Than I will switch completly to Bitwarden/Vaultwarden.

thats what i've been using for the last 6months because i wanted to self host and vaultwarden was the best implementation of that for me. and once setup its all exactly the same as bitwarden hosted but i control my data

 

[MacBH928]

They have their own implementation of the Bitwarden API: https://github.com/dani-garcia/vaultwarden

I am using it because it is easier to setup in a home environment. The Bitwarden self hosting setup is more of a hassle and to heavyweight for my needs.

As any other software it has some bugs: https://github.com/dani-garcia/vaultwarden/issues But my test installation runs without any issues for several month.

As I have a 1PW 7 perpetual license I will stick with this as long as it is supported by new versions of the OS, I like the UI more than Bitwarden. Than I will switch completly to Bitwarden/Vaultwarden.

Thanks for sharing. If I was you I would switch right away because Agilebits (I believe) will not be releasing any updates to 1PW 7. I figure this might have some security issues especially with the extension. You won't get security patches/updates.

If there are no possible security threats I would say keep on using it. I used to keep my older version of 1PW but I believe they used to security patch those even if I do not get any new features.

 

[MacBH928]

thats what i've been using for the last 6months because i wanted to self host and vaultwarden was the best implementation of that for me. and once setup its all exactly the same as bitwarden hosted but i control my data

Does it work when you are away from home? I am going to guess your server is connected online and can be accessed from the outside web? Is there any risk of having your own cloud setup accessed from the outside web? I mean I do not like having my data stored in someone's cloud, but Agilebit and Bitwarden have professionals monitoring 24/7(probably) and thats better than me doing my own monitoring. Heck Dashlane and Lastpass are corporates they still got hacked.

 

[max2]

Yeah, I kind of notice that and that's why my participation in the thread has decreased

Same.

 

[bradl]

They have their own implementation of the Bitwarden API: https://github.com/dani-garcia/vaultwarden

I am using it because it is easier to setup in a home environment. The Bitwarden self hosting setup is more of a hassle and to heavyweight for my needs.

As any other software it has some bugs: https://github.com/dani-garcia/vaultwarden/issues But my test installation runs without any issues for several month.

As I have a 1PW 7 perpetual license I will stick with this as long as it is supported by new versions of the OS, I like the UI more than Bitwarden. Than I will switch completly to Bitwarden/Vaultwarden.

If you have a 1PW 7 perpetual license, that should work forever, as the binary for it should be a universal binary, and not one that depends on Rosetta 2. You're in the sweet spot there, as it will survive the dropping of Rosetta 2 and all Intel support.

BL.

 

[usualpulp]

Does it work when you are away from home? I am going to guess your server is connected online and can be accessed from the outside web? Is there any risk of having your own cloud setup accessed from the outside web? I mean I do not like having my data stored in someone's cloud, but Agilebit and Bitwarden have professionals monitoring 24/7(probably) and thats better than me doing my own monitoring. Heck Dashlane and Lastpass are corporates they still got hacked.

i do not have it exposed to the internet at all but bit warden doesn’t need it the client holds the info so as long as it gets synced while at home the client will be current

 

[rmadsen3]

If you have a 1PW 7 perpetual license, that should work forever, as the binary for it should be a universal binary, and not one that depends on Rosetta 2. You're in the sweet spot there, as it will survive the dropping of Rosetta 2 and all Intel support.

BL.

But what about Safari updates? Apple's 'security theater' and whatnot?

 

[bradl]

But what about Safari updates? Apple's 'security theater' and whatnot?

Which has nothing to do with 1Password 7. Those can keep updating all that is needed, as they have no impact on the 1Password 7 application. I keep getting security updates for Safari on Sierra when/if they are available, and they have no affect on my installation of 1Password 6 on it, and that is a perpetual license, which will work forever, or for as long as that Mac still runs.

BL.

 

[MacBH928]

If you have a 1PW 7 perpetual license, that should work forever, as the binary for it should be a universal binary, and not one that depends on Rosetta 2. You're in the sweet spot there, as it will survive the dropping of Rosetta 2 and all Intel support.

BL.

Which has nothing to do with 1Password 7. Those can keep updating all that is needed, as they have no impact on the 1Password 7 application. I keep getting security updates for Safari on Sierra when/if they are available, and they have no affect on my installation of 1Password 6 on it, and that is a perpetual license, which will work forever, or for as long as that Mac still runs.

BL.

Wouldn't 1PW need security fixes?

 

[bradl]

Wouldn't 1PW need security fixes?

From their site:

Download 1Password for Mac | 1Password

Need a Mac password manager? Download 1Password's macOS app and Safari extension. The best password manager for Apple devices like iPhone, iPad and Apple Watch.

1password.com

If you’re using an older version of macOS, you can use an older version of 1Password.

Remember that these versions are no longer supported and only receive important security updates.

• 1Password 7 for Mac
  macOS High Sierra 10.13 or later.
• 1Password 6.8.9 for Mac
  OS X El Capitan 10.11, OS X Yosemite 10.10

They'll still get security fixes.

BL.

 

[MacBH928]

From their site:

Download 1Password for Mac | 1Password

Need a Mac password manager? Download 1Password's macOS app and Safari extension. The best password manager for Apple devices like iPhone, iPad and Apple Watch.

1password.com

They'll still get security fixes.

BL.

ah...makes since to stick with 1PW then . They even support 6 still. I thought they abandoned them completely.

 

[bradl]

ah...makes since to stick with 1PW then . They even support 6 still. I thought they abandoned them completely.

Exactly.. they are still supported, with exception to the architecture issue that is going to come up when Rosetta 2 is dropped from MacOS. At that point, 1PW 6 will still continue to be supported for those operating systems it can run on, but will not be able to run on anything non-Intel. 1PW 7 will.

BL.