I have recently reimported my data in Bitwarden. Their import utility is pretty robust. It was seamless. If you are searching for an alternative password manager, they have everyone listed in there to import from.

I also joined their premium subscription at $10/year. I don't need it but out of support. $10 a year is an absolute steal!

They also have the exact same thread for Bitwarden. I bet if I look at the other Reddits for password managers, I’ll find more.

It's indeed a choice like most other things.
 
1Password has/had a nice UI and better marketing. I can't see a reason to use it over any other password software.
It is inconsistent in its UI, in proposing passwords sometimes, sometimes not, sometimes saves passwords you generate, sometimes not.

The 1PW UI is not perfect but after testing a lot of alternatives I still think that it is the best out there. Bitwarden lacks structure, a bit of color would be good. The KeePass clones are bad in more complicated entries, e.g. when an entry has more than one password or attachments.

That said, I will never ever store my passwords on someone else's server or server reachable from the internet.

If 1PW had kept the local storage and WLAN sync option it would still be my PW manager of choice. So I am switching to self-hosted Bitwarden.
 
The 1PW UI is not perfect but after testing a lot of alternatives I still think that it is the best out there. Bitwarden lacks structure, a bit of color would be good. The KeePass clones are bad in more complicated entries, e.g. when an entry has more than one password or attachments.

That said, I will never ever store my passwords on someone else's server or server reachable from the internet.

If 1PW had kept the local storage and WLAN sync option it would still be my PW manager of choice. So I am switching to self-hosted Bitwarden.
1PW had a very good basis for years and even though their devs are trying very hard they can’t destroy it in this short time.
It is the most Mac looking app for sure. Bitwarden looks flat compared to it and the workflow isn’t that smooth.
And yes, KeePass and its clones are a mess on their own. I couldn’t agree more.
But then: how often do you need the main app of a password manager? I mean, a text editor or a browser should look nice. You spend hours looking at them. A password manager? After setup you will barely open the main app but will just use its browser plug-in or little helper in the menu bar for generating new passwords.
Most of the time it will sit in the background waiting to do some autoinput magic.
This is the reason why I can live with the boring UI Bitwarden has.
 
But then: how often do you need the main app of a password manager? I mean, a text editor or a browser should look nice. You spend hours looking at them. A password manager? After setup you will barely open the main app but will just use its browser plug-in or little helper in the menu bar for generating new passwords.

Actually I am using the main app quite a lot, as I also store secure notes and I have a lot of credentials I use outside of a browser context. But I agree, as long as it is functional a nice looking UI is not that important. And regarding "functional", Bitwarden is better than the KeePass apps I tested.
 
Does anyone know if Bitwarden is FOSS or open source? The difference is in the license. If it's FOSS it means anyone can pick it up and mimic Bitwarden and create a direct competition. If it's open source then you can see the code and compile it but you cannot replicate it and make your own out of it.

It's more confusing since Bitwarden is both free and open source but not FOSS (Free and Open Source Software) 😛

The 1PW UI is not perfect but after testing a lot of alternatives I still think that it is the best out there. Bitwarden lacks structure, a bit of color would be good. The KeePass clones are bad in more complicated entries, e.g. when an entry has more than one password or attachments.

That said, I will never ever store my passwords on someone else's server or server reachable from the internet.

If 1PW had kept the local storage and WLAN sync option it would still be my PW manager of choice. So I am switching to self-hosted Bitwarden.

I have to agree that app vs app, 1PW wins as best manager. I was a 1PW evangelist, I kept supporting them even when they hid the license purchase links. But now there are some serious caveats:

- stores your data online
- you have to pay $3 monthly forever
- Electron app might not be pleasing but I have not tested it.

On the other hand, Bitwarden:

- Not every field is copyable
- Does not have an assistant app (must for me)
- App is Electron as it seems but does not run in the background all the time
- Also stores your data online BUT it's FOSS so I trust it more

One major advantage and killer feature:

With Bitwarden you can assign the correct ID of each field on a form so it will be able to fill every possible field for any login or form. I didn't see any other password manager that has this ability. No more sites that the password manager cannot autofill.


1PW had a very good basis for years and even though their devs are trying very hard they can’t destroy it in this short time.
It is the most Mac looking app for sure. Bitwarden looks flat compared to it and the workflow isn’t that smooth.
And yes, KeePass and its clones are a mess on their own. I couldn’t agree more.
But then: how often do you need the main app of a password manager? I mean, a text editor or a browser should look nice. You spend hours looking at them. A password manager? After setup you will barely open the main app but will just use its browser plug-in or little helper in the menu bar for generating new passwords.
Most of the time it will sit in the background waiting to do some autoinput magic.
This is the reason why I can live with the boring UI Bitwarden has.

Actually I am using the main app quite a lot, as I also store secure notes and I have a lot of credentials I use outside of a browser context. But I agree, as long as it is functional a nice looking UI is not that important. And regarding "functional", Bitwarden is better than the KeePass apps I tested.

What @Alwis said. I am always playing and adjusting in the main app and the assistant app is a must for me. Currently I am doing an Enpass+Bitwarden setup. Enpass for the assistant app and local backup and Bitwarden for browser autofilling but keeping them in sync is not a seamless experience.
 

Just had this notice while using Chrome - looks like 1Password 7's utility is going to be greatly reduced sooner rather than later... I think I'll give Strongbox a try.

See: The 1Password classic extension will stop working soon
 
I have been using 1Password for several years now. I started when I began using eero routers, as they provide a number of services through their eero Secure+ subscription. I pay $9.99 a month and get 1Password Family, Encrypt.me VPN, Malwarebytes Premium and decent ad-blocking and DNS filtering on par with PiHole.

Course I have no problem paying for subscription services, but with eero Secure+ you get quite a lot for an affordable monthly price.
 
1PW had a very good basis for years and even though their devs are trying very hard they can’t destroy it in this short time.
It is the most Mac looking app for sure. Bitwarden looks flat compared to it and the workflow isn’t that smooth.
And yes, KeePass and its clones are a mess on their own. I couldn’t agree more.
But then: how often do you need the main app of a password manager? I mean, a text editor or a browser should look nice. You spend hours looking at them. A password manager? After setup you will barely open the main app but will just use its browser plug-in or little helper in the menu bar for generating new passwords.
Completely agree. The Bitwarden app UI is clunky and ugly as hell. But I rarely use it. 95% of the time I'm just using BW for autofilling passwords, contact info, credit card numbers, etc.
 
I have to agree that app vs app, 1PW wins as best manager. I was a 1PW evangelist, I kept supporting them even when they hid the license purchase links. But now there are some serious caveats:

- stores your data online
- you have to pay $3 monthly forever
- Electron app might not be pleasing but I have not tested it.

On the other hand, Bitwarden:

- Not every field is copyable
- Does not have an assistant app (must for me)
- App is Electron as it seems but does not run in the background all the time
- Also stores your data online BUT it's FOSS so I trust it more

One major advantage and killer feature:

With Bitwarden you can assign the correct ID of each field on a form so it will be able to fill every possible field for any login or form. I didn't see any other password manager that has this ability. No more sites that the password manager cannot autofill.
I think that 1Password's Secret Key feature makes 1Password more secure than Bitwarden. Additionally, and this has been covered on this thread before, I don't think that just because something is FOSS makes it more secure than something that isn't.

With Codebook's helper application (i.e., Secret Agent), you can readily fill any fields. (This is explained on their website.)

Although I have never used 1Password, I have no doubts that it is a secure and otherwise excellent password manager. However, I use Codebook because it has everything I need at a much lower cost. I have been pleasantly surprised that for such an obscure application, it is well designed and supported.
 
After setup you will barely open the main app but will just use its browser plug-in or little helper in the menu bar for generating new passwords.

Not my experience. Constantly using the main app for websites that don't play well with 1Password, verifying new passwords and logins have been saved, etc. Probably use the main program at least 10 times a day.
 
I think that 1Password's Secret Key feature makes 1Password more secure than Bitwarden. Additionally, and this has been covered on this thread before, I don't think that just because something is FOSS makes it more secure than something that isn't.

There's nuance to it. Companies like Lastpass that have been hacked multiple times that say "trust us, it's secure" vs Bitwarden that shows the code and results of security audits? No contest in that scenario.

I don't doubt that 1PW is secure. That's why I used it for years.
 
Just had this notice while using Chrome - looks like 1Password 7's utility is going to be greatly reduced sooner rather than later... I think I'll give Strongbox a try.

See: The 1Password classic extension will stop working soon
They will also kill the 1PW extension for Firefox, despite Firefox continuing to support Manifest V2.

*sigh*

I guess the time to switch has come.

I understand correctly that Bitwarden does not have local syncing (i.e. without cloud), correct?
 
I think that 1Password's Secret Key feature makes 1Password more secure than Bitwarden. Additionally, and this has been covered on this thread before, I don't think that just because something is FOSS makes it more secure than something that isn't.
FOSS doesn't make anything more secure automatically. But because anybody can check the code the probability that security flaws are found and closed very fast is much higher than with closed source software. Both sides have their pros and cons but all in all I would say the combination of FOSS and a high user base is more secure than closed software.
A study by security researchers at the University of Maryland found that open source software had fewer security vulnerabilities than closed software, with an average of 0.32 vulnerabilities per 1000 lines of code in open source software versus 0.45 vulnerabilities per 1000 lines of code in closed software.

Another study by security firm Coverity found that open source software had a lower defect density (bugs and security vulnerabilities) than closed software, with an average of 0.45 defects per 1000 lines of code in open source software versus 1 defect per 1000 lines of code in closed software.

A 1000 eyes see more than a 100 eyes.

Not my experience. Constantly using the main app for websites that don't play well with 1Password, verifying new passwords and logins have been saved, etc. Probably use the main program at least 10 times a day.
I guess then the problem is with 1Password, right? I open Apple's Keychain maybe twice a week? Or less? And the rest of the time it works. I'm using Bitwarden on Windows and Linux. I haven't even installed the app because the browser plugin does everything. If pages don't play well with 1Password then you could blame web developers for their inconsistency but this is ridiculous because it is obvious that thousands of websites will make mistakes. I never stumbled upon a site Bitwarden could not handle but I had a ton of problems with 1Password not recognizing password fields correctly. I also tried Strongbox for a while and except those strange three field logins it also handles everything flawlessly.

There's nuance to it. Companies like Lastpass that have been hacked multiple times that say "trust us, it's secure" vs Bitwarden that shows the code and results of security audits? No contest in that scenario.

I don't doubt that 1PW is secure. That's why I used it for years.
This. Yes, Bitwarden also saves stuff online but at least it is open source and you can check what the app does. The best thing, imho, still is a local vault but KeePass is too complicated.

They will also kill the 1PW extension for Firefox, despite Firefox continuing to support Manifest V2.

*sigh*

I guess the time to switch has come.
And this is one of the reasons why I don't like 1Password anymore. They literally promised everyone to keep local vaults possible. They told everyone that they will keep the possibility to BUY the app instead of subscription only.
They broke promise after promise, they lied to their customers, they made it extra hard to cancel subs, they hid the possibility to buy the old version... Those are not trustworthy moves. And I guess a company I trust with all my secrets and finances should at least be honest.
And then how they handled the backlash because of this.

I sometimes wonder why there's a big fuss over much more insignificant things, like when Apple takes a little while to close a security hole. But when it comes to privacy and security, people are often so careless. Adguard installs a root certificate to decrypt https traffic to supposedly better block ads? That's ok. 1Password lies to customers and supporters? That's ok. Now they are discontinuing support for the browser addon of the version they just sold at full price. 1Password 8 is not even a year old. But probably the fanboys still find it legitimate.
 
I think that 1Password's Secret Key feature makes 1Password more secure than Bitwarden.

And who guarantees that someday, by mistake or intention, there will not be a 1PW version that just "forgets" to use the secret key or a strong password before sending the data into the cloud? Do not forget that Canada is one of the "Five Eyes" countries.

With Bitwarden that would not matter, as I can host it on my own server.

I understand correctly that Bitwarden does not have local syncing (i.e. without cloud), correct?

Yes, correct, but you can host Bitwarden yourself, without allowing the server access to the internet.

Just out of curiosity: Is there any PW manager, that allows autofill in the App Store or any other password prompts by the operating system?
 
And who guarantees that someday, by mistake or intention, there will not be a 1PW version that just "forgets" to use the secret key or a strong password before sending the data into the cloud? Do not forget that Canada is one of the "Five Eyes" countries.

With Bitwarden that would not matter, as I can host it on my own server.
I was comparing the default configurations of 1Password and Bitwarden. Hosting your vault on your own server is obviously more secure, and is something I have endorsed several times on this thread. That said, hosting your vault on your own server is more complicated with Bitwarden than with Codebook and Strongbox, and I'd bet that, percentage wise, not many Bitwarden users do it.
 
Just had this notice while using Chrome - looks like 1Password 7's utility is going to be greatly reduced sooner rather than later... I think I'll give Strongbox a try.

See: The 1Password classic extension will stop working soon
Is this a browser (Chrome) alert -- one that's displayed for any extension that's out of date? Or is it an Agilebits alert -- displayed because the browser is too new? In other words: If the user keeps browser out of date, will 1P7 continue to work?
 
Yes, correct, but you can host Bitwarden yourself, without allowing the server access to the internet.
Hm, that looks quite complex.

Is this a browser (Chrome) alert -- one that's displayed for any extension that's out of date? Or is it an Agilebits alert that's displayed because the browser is too new? In other words: If the user keeps browser out of date, will 1P7 continue to work?
That's an Agilebits alert. It pops up the first time you run any of the mentioned browsers after installing the latest 1PW 7 update.
 
Another reason why FOSS is great. 1PW 7 gets obsolete because of a browser plugin not working anymore. The devs just decide: Hey, we won't make a dime with this, let's ditch it. Most people will make the jump to 8 so we make even more money.
If popular FOSS stuff is abandoned there are always some nerds who take over.
 
Hey, we won't make a dime with this, let's ditch it.
That's not wrong, developers have bills and they want to get paid a salary. I think many people in the open source world take a decidedly poor view of profiting from your work. I'm not saying you're one of those, but rather an overall theme for many people. Even Bitwarden has to make enough money off of its subscriptions, in order to keep staff employed.

If popular FOSS stuff is abandoned there are always some nerds who take over.
That's not entirely true, the open source landscape is littered with abandoned projects, untouched code or components left to wither on the vine.

Abandoned Open Source Code Heightens Commercial Software Security Risks
Out-of-date, insecure open-source software is everywhere
Synopsys Study Shows Uptick in Vulnerable, Outdated, and Abandoned Open Source Components in Commercial Software

Don't get me wrong, I'm not down on open source, but it's not a panacea for all of our software needs. I think overall, Bitwarden has done a great job, but being open source doesn't guarantee that it will never fail.
 
Completely agree. The Bitwarden app UI is clunky and ugly as hell. But I rarely use it. 95% of the time I'm just using BW for autofilling passwords, contact info, credit card numbers, etc.

This reminds me of a lot of Linux apps. I always imagined the back end stuff is more complicated but from what I see the stuff in the background always works but the GUI is the one that always has the problem. Is it possible GUI is more complicated than programming the software itself?!

Surely a company that can create a PW like Bitwarden can make it look better.

I think that 1Password's Secret Key feature makes 1Password more secure than Bitwarden. Additionally, and this has been covered on this thread before, I don't think that just because something is FOSS makes it more secure than something that isn't.

I worry that somehow the data get corrupted on my device or their servers and that "secret key" gets corrupted and now I am locked out of the app without all my passwords! I am sure they have something in the EULA or ToS that protects them from this.

-Just FOSS doesn't make it more secure. A popular FOSS does. Many people use it, see it, code it, contribute to it, and many PhD students probably trying to attack security software and succeed to write their thesis and show it off to their new employer

With Codebook's helper application (i.e., Secret Agent), you can readily fill any fields. (This is explained on their website.)

Although I have never used 1Password, I have no doubts that it is a secure and otherwise excellent password manager. However, I use Codebook because it has everything I need at a much lower cost. I have been pleasantly surprised that for such an obscure application, it is well designed and supported.

I had a hard time understanding how Codebook agent works but I have a rule not to use non-mainstream apps especially for critical use cases. I'd honestly rather go with a company that their PW is their bread and butter than an obscure software.

FOSS doesn't make anything more secure automatically. But because anybody can check the code the probability that security flaws are found and closed very fast is much higher than with closed source software. Both sides have their pros and cons but all in all I would say the combination of FOSS and a high user base is more secure than closed software.
A study by security researchers at the University of Maryland found that open source software had fewer security vulnerabilities than closed software, with an average of 0.32 vulnerabilities per 1000 lines of code in open source software versus 0.45 vulnerabilities per 1000 lines of code in closed software.

That's 40% more

I guess then the problem is with 1Password, right? I open Apple's Keychain maybe twice a week? Or less? And the rest of the time it works. I'm using Bitwarden on Windows and Linux. I haven't even installed the app because the browser plugin does everything. If pages don't play well with 1Password then you could blame web developers for their inconsistency but this is ridiculous because it is obvious that thousands of websites will make mistakes. I never stumbled upon a site Bitwarden could not handle but I had a ton of problems with 1Password not recognizing password fields correctly. I also tried Strongbox for a while and except those strange three field logins it also handles everything flawlessly.

Bitwarden is the best autofill for the feature that lets you assign the field IDs in the fill-out form. It's not intuitive but it's the only current solution.

Ideally one would want to write out a form online and save all info in their correct fields but idk why password managers don't do that

And this is one of the reasons why I don't like 1Password anymore. They literally promised everyone to keep local vaults possible. They told everyone that they will keep the possibility to BUY the app instead of subscription only.
They broke promise after promise, they lied to their customers, they made it extra hard to cancel subs, they hid the possibility to buy the old version... Those are not trustworthy moves. And I guess a company I trust with all my secrets and finances should at least be honest.
And then how they handled the backlash because of this.

💯

That's ok. Now they are discontinuing support for the browser addon of the version they just sold at full price. 1Password 8 is not even a year old. But probably the fanboys still find it legitimate.

TBF, I don't expect to pay once and get lifetime support especially for the browser extension since browsers are updated so often but I was hoping I would keep the 1pw and get the extension for free riding the wave of those subscribers paying 1pw for continuous support of it.

Just out of curiosity: Is there any PW manager, that allows autofill in the App Store or any other password prompts by the operating system?

iirc 1pw could do that but I do not know others
 
I had a hard time understanding how Codebook agent works but I have a rule not to use non-mainstream apps especially for critical use cases. I'd honestly rather go with a company that their PW is their bread and butter than an obscure software.
I am sorry, but I don’t get your hangup with Codebook. Zetetic (the developer of Codebook) has been around since 1998, and appears to have a solid business with SQLCipher and other products. Additionally, you use Enpass which relies on SQLCipher, but you wouldn’t use Codebook; I don’t see how that makes sense.

As I have stated before, Zetetic does a good job of supporting their software. And in the unlikely event they go belly-up, I can simply export my passwords out of Codebook and into another program.
 
With Bitwarden that would not matter, as I can host it on my own server.

Yes, correct, but you can host Bitwarden yourself, without allowing the server access to the internet.

Isn't it possible to alter the Bitwarden code in the part that says "connect to server" and direct it to "save to directory X" and then it would work just like a local storage? In my mind sounds like an easy code to do, but I am guessing it's pretty difficult since no one did it yet and I am thinking Bitwarden made it difficult to do so in the first place so people keep using their servers... I do not blame them though.

Another reason why FOSS is great. 1PW 7 gets obsolete because of a browser plugin not working anymore. The devs just decide: Hey, we won't make a dime with this, let's ditch it. Most people will make the jump to 8 so we make even more money.
If popular FOSS stuff is abandoned there are always some nerds who take over.

Eh...not really. I have to agree to what maflynn said below. I have seen abandonment hell on Github. Those "nerds" irritate me as they keep forking and initiating a project and abandoning it. IMO you either be serious about a project or help another one instead of forking on your own.

That being said, you are still correct that FOSS does have the possibility of being picked up over closed source software.

That's not wrong, developers have bills and they want to get paid a salary. I think many people in the open source world take a decidedly poor view of profiting from your work. I'm not saying you're one of those, but rather an overall theme for many people. Even Bitwarden has to make enough money off of its subscriptions, in order to keep staff employed.

Johnkree probably means developers ditching the users who paid for the software. Users who bought the software expect it to keep working. We don't buy cars multiple times a year, so we shouldn't be buying software multiple times a year.

It's a difference of opinion on how long to support the software after a sale. MY OPINION is a user should get at least 3 to 5 years of support, after that you are on your own. I have much respect for developers who keep their older software in "working" state and keep pushing security and bug fixes but not feature updates albeit idk how much work that is on the developer.

That's not entirely true, the open source landscape is littered with abandoned projects, untouched code or components left to wither on the vine.

Abandoned Open Source Code Heightens Commercial Software Security Risks
Out-of-date, insecure open-source software is everywhere
Synopsys Study Shows Uptick in Vulnerable, Outdated, and Abandoned Open Source Components in Commercial Software

Don't get me wrong, I'm not down on open source, but it's not a panacea for all of our software needs. I think overall, Bitwarden has done a great job, but being open source doesn't guarantee that it will never fail.

You are correct. But I believe in sustainability not greed. What I have seen is that people who go the FOSS way are too underfunded because of stingy users not donating even $1. On the other side I have seen profit oriented software munching and abusing users to make more money, and then more, and then even more than that. Make the stock go higher, and higher, and higher for ever!

That being said there are some reputable closed source software which are profitable but have enough decency to not be greedy like Carbon Copy Cloner and Affinity and on the other side there are FOSS projects that have hit the sweet spot between FOSS and profitable like Bitwarden and NextCloud and others have been able to be sustainable through donations (I guess) like Debian, Pihole, and VLC.
 
I am sorry, but I don’t get your hangup with Codebook. Zetetic (the developer of Codebook) has been around since 1998, and appears to have a solid business with SQLCipher and other products. Additionally, you use Enpass which relies on SQLCipher, but you wouldn’t use Codebook; I don’t see how that makes sense.

As I have stated before, Zetetic does a good job of supporting their software. Furthermore, they are currently working on Codebook 4, the next major update of their software, so it appears to me that they plan on being in business for a while. And in the unlikely event they go belly-up, I can simply export my passwords out of Codebook and into another program.

When I buy a product I try to buy a flagship product not an obscure side thing. When I buy a TV I would buy a Sony or Samsung, not Sharp. I am not saying Codebook isn't good, it's my choice to go with the crowd where I know more attention will be paid and the user base to be supported is much larger.

I only know of 3 password managers that have mini agent manager which are 1PW, Codebook, and Enpass. If Enpass goes belly up I will go for Codebook.
 