1Password migrants thread

[4743913]

I look at my 1Password subscription as insurance to keep it from becoming Last Pass. Subscriptions are scummy but in some cases necessary. Without a steady revenue stream, some developers will inevitably become lazy and cut corners "because they aren't getting paid".

 

[max2]

I look at my 1Password subscription as insurance to keep it from becoming Last Pass. Subscriptions are scummy but in some cases necessary. Without a steady revenue stream, some developers will inevitably become lazy and cut corners "because they aren't getting paid".

This is very true but still refuse to use 1Password anymore.

I will pay a subscription for a app service that I feel is worth it though. Like when they offer a lifetime option though.

 

[4743913]

This is very true but still refuse to use 1Password anymore.

I will pay a subscription for a app service that I feel is worth it though. Like when they offer a lifetime option though.

you should google filmora "lifetime license".

 

[MacBH928]

I look at my 1Password subscription as insurance to keep it from becoming Last Pass. Subscriptions are scummy but in some cases necessary. Without a steady revenue stream, some developers will inevitably become lazy and cut corners "because they aren't getting paid".

You do realise that LastPass is a cloud storage subscription service exactly like 1password right? So your idea that a steady revenue of stream will insure your security is moot.

KeePass is FOSS and free and have been around for 20 years but I do not hear any one got password leak on KeePass

 

[Mr. Heckles]

You do realise that LastPass is a cloud storage subscription service exactly like 1password right? So your idea that a steady revenue of stream will insure your security is moot.

I wouldn't say exactly. Lastpass didn't encrypt the URL's. Lastpass also questionable things like not updating the iterations on older accounts (I think anything pre 2018 had only 5000?). Are they the same that a person pays a monthly subscription, sure. I have a feeling we are going to learn a lot from Lastpass, and none will be good.

LastPass hasn't really added any features lately too. I had it to play with (I never had any real data in it) so I can help people who did use it. 1Password, they are constantly adding features (1Password 7 and older) (1Password 8 and newer).

KeePass is FOSS and free and have been around for 20 years but I do not hear any one got password leak on KeePass

Now while KeePass is good, is it far from user friendly. If you look at their site that shows what apps support KeePass, none of them are 100% cross platform. You have to mix and match some of these apps to get on different platforms. Now the fun part of this.... some on that list haven't been updated in years.

iKeePass - Last updated 6 years ago
SyncPass - no longer in the app store
Passwordix - Last updated 5 years ago

These are just ones I spot checked, and I wasn't going to check them all. While Keepass itself is free, a lot of these apps are not.

Now you need a way to sync all of these, probably Dropbox. If you have more than 3 devices on Dopbox, now you have to pay a subscription. The cheapest plan for Dropbox is $9.99 a month (if you pay yearly).... way more than any password manager. Also, Dropbox has been breached... a few times. That being said, I personally feel much safer having 1Passwords Secret Key's 35 random numbers and letters (40 if you include the dashes) along with my master password to protect my data.

Most of these apps are not user friendly. I don't mind them, but some are downright garbage when it comes to usability. I know my wife and kids would have a hard time with them. KeePass isn't meant for a family also. If it was just me (and not my family) and I only used Apple, Strongbox is nice.

KeePass and other FOSS works if people volunteer their time. It's cool they do if for free, but if someone creates something and charges, cool too. I just need to make sure it's worth the cost.

When people volunteer and don't have time for whatever reasons, things don't get done. To me, that's an issue, and probably why some of the apps I listed above haven't been updated in 5+ years.

I do a lot of free and volunteer for things, but I will go for weeks, sometimes months and don't have time. What happens to these apps when the volunteers don't have the time for a while? When people are paid for their work and that's their livelihood, so I personally feel safer, because they have a lot to lose if they don't deliver.

 

[MacBH928]

I wouldn't say exactly. Lastpass didn't encrypt the URL's. Lastpass also questionable things like not updating the iterations on older accounts (I think anything pre 2018 had only 5000?). Are they the same that a person pays a monthly subscription, sure. I have a feeling we are going to learn a lot from Lastpass, and none will be good.

LastPass hasn't really added any features lately too. I had it to play with (I never had any real data in it) so I can help people who did use it. 1Password, they are constantly adding features (1Password 7 and older) (1Password 8 and newer).


Now while KeePass is good, is it far from user friendly. If you look at their site that shows what apps support KeePass, none of them are 100% cross platform. You have to mix and match some of these apps to get on different platforms. Now the fun part of this.... some on that list haven't been updated in years.

iKeePass - Last updated 6 years ago
SyncPass - no longer in the app store
Passwordix - Last updated 5 years ago

These are just ones I spot checked, and I wasn't going to check them all. While Keepass itself is free, a lot of these apps are not.

Now you need a way to sync all of these, probably Dropbox. If you have more than 3 devices on Dopbox, now you have to pay a subscription. The cheapest plan for Dropbox is $9.99 a month (if you pay yearly).... way more than any password manager. Also, Dropbox has been breached... a few times. That being said, I personally feel much safer having 1Passwords Secret Key's 35 random numbers and letters (40 if you include the dashes) along with my master password to protect my data.

Most of these apps are not user friendly. I don't mind them, but some are downright garbage when it comes to usability. I know my wife and kids would have a hard time with them. KeePass isn't meant for a family also. If it was just me (and not my family) and I only used Apple, Strongbox is nice.

KeePass and other FOSS works if people volunteer their time. It's cool they do if for free, but if someone creates something and charges, cool too. I just need to make sure it's worth the cost.

When people volunteer and don't have time for whatever reasons, things don't get done. To me, that's an issue, and probably why some of the apps I listed above haven't been updated in 5+ years.

I do a lot of free and volunteer for things, but I will go for weeks, sometimes months and don't have time. What happens to these apps when the volunteers don't have the time for a while? When people are paid for their work and that's their livelihood, so I personally feel safer, because they have a lot to lose if they don't deliver.

Well I was trying to make a point that selling the idea that if the business turns subscription (constant stream) it will make it safe is a false argument proven by LastPass which is a subscription based service. To further prove the point, 1password was 1 time purchase, Enpass still is, and Keepass is free. Still no issues after over a decade of use. None of them need(ed) the constant stream to stay secure. So subscription(constant stream) ≠ Secure.

As for usability, you are correct. Keepass for me sucks and I rather pay for something than use that for free. As for syncing, I do not want to sync via cloud. In fact I want a local sync. To each his own, so no dropbox needed for people like me+ there are other cloud storage that might not have device limit even on a free plan idk.

As for FOSS development, I always imagined that even if one guy/original developer disappears some other random dudes online come to continue the work. YES that is how I think FOSS software works. What I do not understand is who manages it as in, who decides what new code or feature gets implemented. I know something like GIMP and VLC has some sort of an organization behind it but things like 7zip and Transmission(torrent) idk who manages it. I tend to use FOSS software that has a reliable "group" behind it (Ex.Pihole, uBlockOrigin) or backed by an organization (Debian, FireFox, etc)

 

[Digital Dude]

Really detailed information so thanks for posting! 👍
I use 1Password Family, and I still have the standalone. I almost went to work for the company in the early years. I cautioned them not get too carried away with the feature sets. Unfortunately, they wanted to keep it fresh so it got overdeveloped like anything else. It certainly isn’t as easy to use for beginners like the it used to be 🤷‍♂️

 

[MacBH928]

Really detailed information so thanks for posting! 👍
I use 1Password Family, and I still have the standalone. I almost went to work for the company in the early years. I cautioned them not get too carried away with the feature sets. Unfortunately, they wanted to keep it fresh so it got overdeveloped like anything else. It certainly isn’t as easy to use for beginners like the it used to be 🤷‍♂️

This is another issue with subscription apps, they keep adding features (aka bloat) to keep it "fresh" so they justify the continuous stream of cash flow /rent.

By the magic of the internet, if an app developer makes an app for $50 and sells a 100K licenses world wide ($5M) this should keep them going for few years until the next upgrade is released and maybe they sell yet another 50K($2.5M) from upgraders and so on.

SAAS supporters claim that this is not sustainable model. I am not a programmer so I can never speak if its true or not.

 

[maflynn]

By the magic of the internet, if an app developer makes an app for $50 and sells a 100K licenses world wide ($5M) this should keep them going for few years until the next upgrade is released and maybe they sell yet another 50K($2.5M) from upgraders and so on.

I think one of the issues communicated with perpetual license is cash on hand. All of the money is made in the early days of the new version. Many banks and financial institutions don't like seeing intermittent spikes (software upgrades) followed by flat income, it gets harder to raise money and/or manage the money.

Also for companies like AgileBits, we're not talking about 1 programmer, they have a team of developers, and other employees. I think that 5 million doesn't go as far as you think it does, and finally its not 5 million because of the taxman.

I've worked in the computer industry of decades and enterprise software was always subscription based, I started in the 1980s and that's just what it was. I definitely preferred perpetual for my software needs but I see why MS/Adobe and the rest of the industry moved there. They saw the $$ that the IBMS, and Oracles of the world were making.

I'm not advocating subscription based licenses, on the contrary, they're bad for the consumer, but I do see why they did it, and the logic in going in that direction. I'm also not saying perpetual licenses are unsustainable, because they clearly were and are but its now the world we live in

 

[MacBH928]

I think one of the issues communicated with perpetual license is cash on hand. All of the money is made in the early days of the new version. Many banks and financial institutions don't like seeing intermittent spikes (software upgrades) followed by flat income, it gets harder to raise money and/or manage the money.

Also for companies like AgileBits, we're not talking about 1 programmer, they have a team of developers, and other employees. I think that 5 million doesn't go as far as you think it does, and finally its not 5 million because of the taxman.

I've worked in the computer industry of decades and enterprise software was always subscription based, I started in the 1980s and that's just what it was. I definitely preferred perpetual for my software needs but I see why MS/Adobe and the rest of the industry moved there. They saw the $$ that the IBMS, and Oracles of the world were making.

I'm not advocating subscription based licenses, on the contrary, they're bad for the consumer, but I do see why they did it, and the logic in going in that direction. I'm also not saying perpetual licenses are unsustainable, because they clearly were and are but its now the world we live in

I am not sure why they care about banks but I agree that if their plan is to raise money and please the investor (not the consumer) a successful subscription is a better option.

In 1password's case they do not have a 100K user base but more like lets assume 5 million at $80 we are talking about $40 Million. Split over 5 years between releases, should be about $8M a year/ $666K month . As a software developer, you tell me if this is enough to write a password manager as idk. I also think 1password is over employing.

As for IBM, Adobe, Oracle, and Microsoft , I am against subscription, but honestly I rather pay a $10/month to use their complex and sophisticated software over paying $500-1000 at one go. The $10 is basically financing of the software and in 5 years time where the next major update comes along you would have paid about $600.

So yeah, I rather pay $600 over the course of 5 years over $500 one go. You also get a "service" which is 1TB of cloud storage(in MS 365 case) so thats makes it even more valuable than standalone app.

 

[bradl]

I am not sure why they care about banks but I agree that if their plan is to raise money and please the investor (not the consumer) a successful subscription is a better option.

In 1password's case they do not have a 100K user base but more like lets assume 5 million at $80 we are talking about $40 Million. Split over 5 years between releases, should be about $8M a year/ $666K month . As a software developer, you tell me if this is enough to write a password manager as idk. I also think 1password is over employing.

As for IBM, Adobe, Oracle, and Microsoft , I am against subscription, but honestly I rather pay a $10/month to use their complex and sophisticated software over paying $500-1000 at one go. The $10 is basically financing of the software and in 5 years time where the next major update comes along you would have paid about $600.

So yeah, I rather pay $600 over the course of 5 years over $500 one go. You also get a "service" which is 1TB of cloud storage(in MS 365 case) so thats makes it even more valuable than standalone app.

Understandable, but another determining factor here is the length of time. If you're only going off of the span of a year, then yes, I could see where the subscription model would be a better option. But if you're looking at a standalone license, which in effect would be in perpetuity or until you decide to get another license (read: upgrade), then that term changes, and the better value shifts to the standalone app. For example: If 1PW went to that subscription model when 1PW 6 was released 2016 (for the sake of the post, let's say it was released in January 2016), at $10/month, as of today we are looking at 84 months, which would give us paying $840 over the span of the subscription. Even if I didn't find a discount for the standalone app, that's an extra $340 versus the standalone application.

BL.

 

[drumcat]

Lifetime doesn't seem to bother Minimalist. That's because this whole subscription nonsense is predicated around who runs the sync service.

If you offer a product that hitchhikes on iCloud, subs aren't necessary.

 

[bradl]

Lifetime doesn't seem to bother Minimalist. That's because this whole subscription nonsense is predicated around who runs the sync service.

If you offer a product that hitchhikes on iCloud, subs aren't necessary.

One of the issues with this is cloud based services to begin with. Cloud-based services are great for convenience and getting data when you need it, but the issue comes up with trusting that the data you need will be secure when it needs to be secured the most. The latest LastPass breach tells you all that needs to be known about cloud-based SaaS that hold such sensitive data. For such sensitive data as passwords, PII, PCI, and PHI data, one should never have to give up autonomy over control of that data.

BL.

 

[Apple_Robert]

Lifetime doesn't seem to bother Minimalist. That's because this whole subscription nonsense is predicated around who runs the sync service.

If you offer a product that hitchhikes on iCloud, subs aren't necessary.

Minimalist no longer offers a Lifetime option. I am glad I got the Lifetime plan before it was removed.

 

[MacBH928]

Understandable, but another determining factor here is the length of time. If you're only going off of the span of a year, then yes, I could see where the subscription model would be a better option. But if you're looking at a standalone license, which in effect would be in perpetuity or until you decide to get another license (read: upgrade), then that term changes, and the better value shifts to the standalone app. For example: If 1PW went to that subscription model when 1PW 6 was released 2016 (for the sake of the post, let's say it was released in January 2016), at $10/month, as of today we are looking at 84 months, which would give us paying $840 over the span of the subscription. Even if I didn't find a discount for the standalone app, that's an extra $340 versus the standalone application.

BL.

you made a mistake and calculated at $10/Month its $3 month so the real price would be $252 versus $80 purchase which should be $172 extra and 3x as much in subscription model. In fact if you bought at $80 in 2016 and again at $90 in 2022 you would still pay $170 which is still $82 less. That $82 x 5million users (guessing) = $410 million, thats why 1password want to convince people that subscription is better for the user 🤣🤣

Lifetime doesn't seem to bother Minimalist. That's because this whole subscription nonsense is predicated around who runs the sync service.

If you offer a product that hitchhikes on iCloud, subs aren't necessary.

They actually offer the cloud service to make an excuse for the monthly rent thats why they actually had local storage but canceled that feature. They say the cloud is "more convenient" , so why not let me use my own cloud storage? Which was a feature they actually had. I get free 5GB on my icloud account, my current Enpass vault is 600KB, i hope I have enough icloud storage for that 😂😂

Not only Minimalist but many reputable apps are thriving with lifetime including Transmit by panic and Little Snitch by Objective Development and many many others. Heck some are surviving on donations like Apollo reddit client and Pihole.

Minimalist no longer offers a Lifetime option. I am glad I got the Lifetime plan before it was removed.

Does lifetime mean forever updates? I am not aware of many apps that offer this because most offer a license to use forever but you won't be getting forever features and updates. Maybe updates for few years in the future but thats it which is fair in my book

 

[Apple_Robert]

you made a mistake and calculated at $10/Month its $3 month so the real price would be $252 versus $80 purchase which should be $172 extra and 3x as much in subscription model. In fact if you bought at $80 in 2016 and again at $90 in 2022 you would still pay $170 which is still $82 less. That $82 x 5million users (guessing) = $410 million, thats why 1password want to convince people that subscription is better for the user 🤣🤣



They actually offer the cloud service to make an excuse for the monthly rent thats why they actually had local storage but canceled that feature. They say the cloud is "more convenient" , so why not let me use my own cloud storage? Which was a feature they actually had. I get free 5GB on my icloud account, my current Enpass vault is 600KB, i hope I have enough icloud storage for that 😂😂

Not only Minimalist but many reputable apps are thriving with lifetime including Transmit by panic and Little Snitch by Objective Development and many many others. Heck some are surviving on donations like Apollo reddit client and Pihole.



Does lifetime mean forever updates? I am not aware of many apps that offer this because most offer a license to use forever but you won't be getting forever features and updates. Maybe updates for few years in the future but thats it which is fair in my book

Unless they change course, updates were included in the lifetime option I purchased. They do offer something similar with the early adopter for $99.

 

[drumcat]

Minimalist no longer offers a Lifetime option. I am glad I got the Lifetime plan before it was removed.

Wow. Why is it these things always turn to custard?

Honestly I'm not worried too much about the cost -- it's the monthly drain. I don't rent software.

 

[Icelus]

Bitwarden design flaw: Server side iterations

Bitwarden is a hot candidate for a LastPass replacement. Looking into how they encrypt data, it doesn’t do things that much better however.

palant.info

 

[MacBH928]

Bitwarden design flaw: Server side iterations

Bitwarden is a hot candidate for a LastPass replacement. Looking into how they encrypt data, it doesn’t do things that much better however.

palant.info

how about a dumbed down statement for us simplton folks? Bitwarden has been around for 7 years, not 1 account has been breached AFAIK. How worried should we be?

 

[Huntn]

Feb 2023- Codebook… still working for me. No it’s not as polished as 1PW but it‘s good enough, does the job and among the most important aspects, it has an independent stand alone vault.

 

[bradl]

Apparently, there has been some rumbling in the Bitwarden world, with how their encryption methods may have a design flaw in it.

Bitwarden responds to encryption design flaw criticism

Password vault vendor accused of making a hash of encryption

portswigger.net

Bitwarden has responded to the issue, but is saying that the solution for it is a "feature request"...? 🤨

BL.

 

[kpluck]

Without a steady revenue stream, some developers will inevitably become lazy and cut corners "because they aren't getting paid".

Some would argue that is exactly what has happened with Agilebits and 1Password 8 even though they have had subscriptions for awhile.

-kp

 

[4743913]

Some would argue that is exactly what has happened with Agilebits and 1Password 8 even though they have had subscriptions for awhile.

-kp

before I started giving them money, I didn't have 1Password on my Windows machine. Now I do. Same with TextExpander. I don't live in a Mac only world. The only subs I pay are the ones that go beyond "updates".

 

[MacBH928]

Apparently, there has been some rumbling in the Bitwarden world, with how their encryption methods may have a design flaw in it.

Bitwarden responds to encryption design flaw criticism

Password vault vendor accused of making a hash of encryption

portswigger.net

Bitwarden has responded to the issue, but is saying that the solution for it is a "feature request"...? 🤨

BL.

anything we should be alerted about? or this is some sort of " in theory..." would happen but no one was successful at breaching the encryption yet?

plus why is this upcoming now? bitwarden was always foss so every one saw the encryption from day 1.

 

[bradl]

anything we should be alerted about? or this is some sort of " in theory..." would happen but no one was successful at breaching the encryption yet?

plus why is this upcoming now? bitwarden was always foss so every one saw the encryption from day 1.

the Linux kernel has been FOSS since day one; however, all Pentium IIs and AMDs at the time suffered from the F00F bug, and that one had been around for at least 5 years at the time it was was patched. That was both a software and design flaw in the CPU's architecture as well as the kernel.

Same goes for the Spectre and Meltdown bugs, which affected every CPU except ARM. Intel's code for it was FOSS, and numerous developers, including Linus Torvalds himself stated it to be complete garbage and implemented a better solution.

To answer your question of why this is coming up now, this all stems from everyone taking more forensic looks at code due to the LastPass breach. Everyone is on edge, so everyone is getting a deeper look into their implementations.

BL.