Yeah I changed mine to Argon2id a while ago.

I know, I learned to do that from your post here some pages ago 😄

I went with Enpass, and sync between my iDevices, Mac, and PC over WiFi, and back up my vaults to my NAS, then back up the NAS, so I'm triple covered.

That said, one thing that we all know about popularity: something always wants to bring you down. In this case, it goes to 1Password and KeePass, as they are now being actively targeted by malware.


More blood and guts on what it does is here.


So not only is it going after crypto, but it is also going after the well known/used password managers via its extensions, and more. For those that have 1Password and a subscription, does their install process automatically have an extension installed in a given browser to communicate with your vault?

BL.

Well, it's better than being on the more obscure side of things, since it probably won't take much effort from an evildoer to attack it.

While I do not understand all of this, my previous knowledge tells me if there is a vulnerability they patch it and it's done. So is there a continuous threat here? Wouldn't this threaten your local apps with native storage?

Better still, no additional security threat vector.... If you use Safari on Mac, iPhone, or iPad, the advantage is no browser extension is needed or used. Strongbox uses the Apple native built-in AutoFill .... a feature I appreciate.

I am on the line about browser extensions. I keep hearing they are a threat, but millions of people out there on different platforms and different browsers are using extensions. I still have not heard of a problem coming from extension use.
 
According to DoNotPay.com

"
Let's look at a few of the terms although you should visit the 1Password website for detailed information to help you find any violations that could lead to compensation.

  1. You use their service at your own risk.
  2. They can modify their subscription fees at any time.
  3. They are not responsible for any loss you incur by engaging a third-party service on their website.
  4. They can update or replace the current terms at any time.
  5. They are not liable for any losses incurred due to scheduled maintenance and upgrades.
  6. They can access customer data to solve technical problems.
"

I am not trying to put 1Password under the spotlight here; other password managers probably have the same Terms of Service to protect them. I am just saying, just because you pay and have it stored in the cloud, it guarantees you nothing, and not even your password manager developer will reimburse you if anything goes wrong. You are on your own.
 
Let's look at a few of the terms although you should visit the 1Password website for detailed information to help you find any violations that could lead to compensation.

  1. You use their service at your own risk.
  2. They can modify their subscription fees at any time.
  3. They are not responsible for any loss you incur by engaging a third-party service on their website.
  4. They can update or replace the current terms at any time.
  5. They are not liable for any losses incurred due to scheduled maintenance and upgrades.
  6. They can access customer data to solve technical problems.
I'm not defending 1PW, but what is in there that is any different than any other provider?

I think most (all?) have verbiage to state that they, the provider, are not responsible for your data, i.e., use at your own risk. And of course they can and will modify the fees at any time; I don't know any company that offers a subscription that will say you get to pay X dollars a month for life.

Bitwarden has very much similar conditions for liability and indemnification.
 
Better still, no additional security threat vector.... If you use Safari on Mac, iPhone, or iPad, the advantage is no browser extension is needed or used. Strongbox uses the Apple native built-in AutoFill .... a feature I appreciate.
I'll go you one better with Codebook.

Codebook also uses Apple AutoFill for Safari. Additionally, the program has a helper application (Secret Agent) which, "allows you to quickly access and insert your Codebook data into other applications and browsers using a global keyboard shortcut, without bringing up the main Codebook window." In contrast, Strongbox, like most other applications, provides plugins for other browsers. And as you pointed out, these plugins are an additional security threat.

With Codebook, I use the default behavior for the program, which is to keep my vault offline (I realize that several other programs, including Strongbox, wisely give users this choice.) Additionally, all my backups are also offline. Thus, the bottom line is that if there is a more secure way of handling passwords than what I am doing, I am unaware of it.
 
I'll go you one better with Codebook.

Codebook also uses Apple AutoFill for Safari. Additionally, the program has a helper application (Secret Agent) which, "allows you to quickly access and insert your Codebook data into other applications and browsers using a global keyboard shortcut, without bringing up the main Codebook window." In contrast, Strongbox, like most other applications, provides plugins for other browsers. And as you pointed out, these plugins are an additional security threat.

With Codebook, I use the default behavior for the program, which is to keep my vault offline (I realize that several other programs, including Strongbox, wisely give users this choice.) Additionally, all my backups are also offline. Thus, the bottom line is that if there is a more secure way of handling passwords than what I am doing, I am unaware of it.

Basically this. The issue with the vulnerability is where the vulnerability is; if it is a plug-in or something that is local on your machine, that is within your control; 1Password’s servers and vaults are outside of your control. If the attacker is able to breach the vault through some means (plugins or otherwise), the vulnerability is outside of the user’s realm to do anything about it, except sit and watch. If it is on their local machine, they can and need to at least mitigate it until a patch or fix for the vulnerability is released.

One can fix and safely mitigate any problems by securing their network; but they can’t secure servers they don’t have any access to outside their own vault.

BL.
 
I know, I learned to do that from your post here some pages ago 😄



Well, it's better than being on the more obscure side of things, since it probably won't take much effort from an evildoer to attack it.

While I do not understand all of this, my previous knowledge tells me if there is a vulnerability they patch it and it's done. So is there a continuous threat here? Wouldn't this threaten your local apps with native storage?



I am on the line about browser extensions. I keep hearing they are a threat, but millions of people out there on different platforms and different browsers are using extensions. I still have not heard of a problem coming from extension use.
A browser extension is akin to propping your front door open while the top latch is still intact.

Just because millions of people use browser extensions doesn't mean they are all safe and don't put your information (in part or whole) at risk.
 
A cursory search "In 2020, 106 browser extensions were removed from the Chrome Web Store, being used to steal user data, take screen captures or even steal credit card information from web forms" Article here

A browser extension is akin to propping your front door open while the top latch is still intact.

Just because millions of people use browser extensions doesn't mean they are all safe and don't put your information (in part or whole) at risk.

Oh, I understand that extensions can be malicious, but so is installing any random software or opening any random file online. So long as you are with the reputable guys, you should be OK (I think?)

Isn't it similar to downloading apps online?


I'm not defending 1PW, but what is in there that is any different than any other provider?

I think most (all?) have verbiage to state that they, the provider, are not responsible for your data, i.e., use at your own risk. And of course they can and will modify the fees at any time; I don't know any company that offers a subscription that will say you get to pay X dollars a month for life.

You are correct, but just to point out that many people think that when you are on the "cloud" and paying, you are safe and backed up! Which is not truly the case; it's a "convenience" service, but no, you are not really protected. You are on your own.




This reminds me of a little thing people do not know about banks. Your money is only insured up to $100K (iirc). So in theory and legally, if you have $10M in the bank and it goes bankrupt, you are only getting $100K back (at least to my understanding).

Bitwarden has very much similar conditions for liability and indemnification.

yes but Bitwarden is free for the most part 😁

I'll go you one better with Codebook.

Does it have extension to autofill in FF and Chrome? I tried searching online but info is pretty scarce on this password manager.

Basically this. The issue with the vulnerability is where the vulnerability is; if it is a plug-in or something that is local on your machine, that is within your control; 1Password’s servers and vaults are outside of your control. If the attacker is able to breach the vault through some means (plugins or otherwise), the vulnerability is outside of the user’s realm to do anything about it, except sit and watch. If it is on their local machine, they can and need to at least mitigate it until a patch or fix for the vulnerability is released.

One can fix and safely mitigate any problems by securing their network; but they can’t secure servers they don’t have any access to outside their own vault.

BL.

yeah but... the whole idea of letting someone else manage it for you is that 99% of people or more do not have enough know-how to host their data and cybersecurity skills to patch vulnerabilities, and that's why people pay for cloud hosting... including stuff like AWS and other similar cloud services.

Plus, if you have the data locally, can't you get targeted? I mean, like in the 90s having someone "hack" your computer over the internet was a thing, but I haven't heard of such an attack (unless you install malware) for at least the past decade. I am not stating anything, I really don't know...
 
According to DoNotPay.com

"
Let's look at a few of the terms although you should visit the 1Password website for detailed information to help you find any violations that could lead to compensation.

  1. You use their service at your own risk.
  2. They can modify their subscription fees at any time.
  3. They are not responsible for any loss you incur by engaging a third-party service on their website.
  4. They can update or replace the current terms at any time.
  5. They are not liable for any losses incurred due to scheduled maintenance and upgrades.
  6. They can access customer data to solve technical problems.
"

I am not trying to put 1Password under the spotlight here; other password managers probably have the same Terms of Service to protect them. I am just saying, just because you pay and have it stored in the cloud, it guarantees you nothing, and not even your password manager developer will reimburse you if anything goes wrong. You are on your own.

Your 1Password data is encrypted using your Master Password (and in the case of membership – also your Secret Key) before it is transmitted over an encrypted connection to 1Password.com. Your Master Password and Secret Key are never shared with us or known by our servers. As such, even 1Password Team Members with the highest levels of access to the service cannot view the data customers enter into 1Password.
 
All true, but people make mistakes, and this could e.g. result in transmitting the secrets to the server, maybe because of some forgotten debug message. Probably the Canadian government could even enforce this by law.

I strongly prefer a second layer of defense by not exposing my sensitive data to the internet.
 
yeah but... the whole idea of letting someone else manage it for you is that 99% of people or more do not have enough know-how to host their data and cybersecurity skills to patch vulnerabilities, and that's why people pay for cloud hosting... including stuff like AWS and other similar cloud services.

That is the problem. Ignorance/naivety should not be any excuse for failing to protect one's belongings (in this case, their data). There's a reason why we have driver's schools and tests prior to getting a license to drive. That license indicates that you know how to keep yourself and the vehicle secure and know the consequences of hurting or damaging other people's property. Unfortunately, we don't have such mitigating factors here prior to someone getting onto the internet.

Plus, if you have the data locally, can't you get targeted? I mean, like in the 90s having someone "hack" your computer over the internet was a thing, but I haven't heard of such an attack (unless you install malware) for at least the past decade. I am not stating anything, I really don't know...

You could, but in this particular case, you're protected by obscurity. Everyone knows that 1Password's servers are essentially centralized, so they know where they are going for that. However, with each person now being the target, it is more likely that the attacker has to go fishing, like they did with Code Red or NIMDA. They'd have to turn the attack into a worm to have it go out to sweep through public IP addresses to 1) find a person who may be running a vulnerable extension, and 2) try to attack via that extension. That's a LOT of IP addresses to go through.

I strongly prefer a second layer of defense by not exposing my sensitive data to the internet.

This. I'd prefer to keep that sensitive data local as much as possible.

BL.
 
All true, but people make mistakes, and this could e.g. result in transmitting the secrets to the server, maybe because of some forgotten debug message. Probably the Canadian government could even enforce this by law.

I strongly prefer a second layer of defense by not exposing my sensitive data to the internet.
Take a look at Strongbox. It's an article explaining security.

 

Your 1Password data is encrypted using your Master Password (and in the case of membership – also your Secret Key) before it is transmitted over an encrypted connection to 1Password.com. Your Master Password and Secret Key are never shared with us or known by our servers. As such, even 1Password Team Members with the highest levels of access to the service cannot view the data customers enter into 1Password.
All you are doing is repeating 1Password marketing slogans. How do you know that? 1PW is closed source, we don't know anything that is going on. We can see that it is connecting to some server and that it is working as promised (most of the time). There is no way to prove that what they are saying is true.

All true, but people make mistakes, and this could e.g. result in transmitting the secrets to the server, maybe because of some forgotten debug message. Probably the Canadian government could even enforce this by law.

I strongly prefer a second layer of defense by not exposing my sensitive data to the internet.
Right. There is no perfect code. (Besides print "Hello World" :p)
This is a site that collects security issues of software:

2022-06-15:
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

2022-05-09:
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

2021-09-29:
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.)
 

Your 1Password data is encrypted using your Master Password (and in the case of membership – also your Secret Key) before it is transmitted over an encrypted connection to 1Password.com. Your Master Password and Secret Key are never shared with us or known by our servers. As such, even 1Password Team Members with the highest levels of access to the service cannot view the data customers enter into 1Password.

That's only speaking of vault content. They can access outside-vault content, like email, IP, OS, location, mouse movements, key presses, etc. etc.... who knows? It's all based on trust. I am not saying they are not trustworthy, but given what I have seen from their business tactics, personally I decided not to trust them any more.

That is the problem. Ignorance/naivety should not be any excuse for failing to protect one's belongings (in this case, their data). There's a reason why we have driver's schools and tests prior to getting a license to drive. That license indicates that you know how to keep yourself and the vehicle secure and know the consequences of hurting or damaging other people's property. Unfortunately, we don't have such mitigating factors here prior to someone getting onto the internet.

TBF, we can't expect the average internet user to have a system administrator certificate just to log on to YouTube and click likes on videos. That's akin to having a degree in in-house plumbing just to use the toilet. I mean, I have been using the internet daily for 20+ years. I still do not know what a subnet mask is.

All you are doing is repeating 1Password marketing slogans. How do you know that? 1PW is closed source, we don't know anything that is going on. We can see that it is connecting to some server and that it is working as promised (most of the time). There is no way to prove that what they are saying is true.


Right. There is no perfect code. (Besides print "Hello World" :p)
This is a site that collects security issues of software:

2022-06-15:
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

2022-05-09:
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

2021-09-29:
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.)

Correct.

I would be OK if there was some sort of legal punishment, but we just saw LastPass get hacked like 3 times and nobody did anything in favour of the paying user. Slapping wrists at the most. Plus they have their ToS to save them from any malicious or trust-breaking in the future. In the end they will tell you that you clicked "I agree", so it was on you to trust them in the first place.
 
I would be OK if there was some sort of legal punishment, but we just saw LastPass get hacked like 3 times and nobody did anything in favour of the paying user. Slapping wrists at the most. Plus they have their ToS to save them from any malicious or trust-breaking in the future. In the end they will tell you that you clicked "I agree", so it was on you to trust them in the first place.
And that’s literally one of the biggest problems here. If I have my vault on my computer, it is my responsibility, and then a TOS like that makes absolute sense. “Use our software, choose the place where the vault goes, your fault when some bad stuff happens.”
But now they are saying: “give us your data, give us your money, trust us, it is better when WE decide where the vault is and what goes where because you are too dumb and reckless.”
And if something happens they still say: uuuuh not our fault….
 
According to DoNotPay.com

"
Let's look at a few of the terms although you should visit the 1Password website for detailed information to help you find any violations that could lead to compensation.

  1. You use their service at your own risk.
  2. They can modify their subscription fees at any time.
  3. They are not responsible for any loss you incur by engaging a third-party service on their website.
  4. They can update or replace the current terms at any time.
  5. They are not liable for any losses incurred due to scheduled maintenance and upgrades.
  6. They can access customer data to solve technical problems.
"

I am not trying to put 1Password under the spotlight here; other password managers probably have the same Terms of Service to protect them. I am just saying, just because you pay and have it stored in the cloud, it guarantees you nothing, and not even your password manager developer will reimburse you if anything goes wrong. You are on your own.
I am pretty sure EVERY password manager says this. It's easy to cherry-pick stuff you want to post.

And I was correct...
Bitwarden's TOS

H. Disclaimer of Warranties

Short version: We provide our service as is, and we make no promises or guarantees about this service. Please read this section carefully; you should understand what to expect.

Bitwarden provides the Website and the Service "as is" and "as available," without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Website and the Service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement.

Bitwarden does not warrant that the Service will meet your requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Service.

I. Limitation of Liability

Short version: We will not be liable for damages or losses arising from your use or inability to use the service or otherwise arising under this agreement. Please read this section carefully; it limits our obligations to you.

You understand and agree that we will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however arising, that result from

  • your use or inability to use the Service;
  • any modification, price change, suspension or discontinuance of the Service;
  • the Service generally or the software or systems that make the Service available;
  • unauthorized access to or alterations of your transmissions or data;
  • statements or conduct of any third party on the Service;
  • any other user interactions that you input or receive through your use of the Service; or
  • any other matter relating to the Service.

Our liability is limited whether or not we have been informed of the possibility of such damages, and even if a remedy set forth in this Agreement is found to have failed of its essential purpose. We will have no liability for any failure or delay due to matters beyond our reasonable control.
They too, can change the pricing:
Our pricing and payment terms are available at bitwarden.com. If you agree to a subscription price, that will remain your price for the duration of the payment term; however, prices are subject to change at the end of a payment term.
Keeper also has wording they are not responsible also:

TO THE MAXIMUM EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT OR OTHERWISE, SHALL KEEPER SECURITY OR ANY OF ITS UNDERLYING SERVICE PROVIDERS, BUSINESS PARTNERS, INFORMATION PROVIDERS, ACCOUNT PROVIDERS, LICENSORS, OFFICERS, DIRECTORS, EMPLOYEES, DISTRIBUTORS OR AGENTS; BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY MONEY DAMAGES, WHETHER DIRECT, INDIRECT, SPECIAL, INCIDENTAL, COVER, RELIANCE OR CONSEQUENTIAL DAMAGES, EVEN IF KEEPER SECURITY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY.
 
All you are doing is repeating 1Password marketing slogans. How do you know that? 1PW is closed source, we don't know anything that is going on. We can see that it is connecting to some server and that it is working as promised (most of the time). There is no way to prove that what they are saying is true.


Right. There is no perfect code. (Besides print "Hello World" :p)
This is a site that collects security issues of software:

2022-06-15:
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

2022-05-09:
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

2021-09-29:
The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.)
What’s your point? There was a vulnerability and it got fixed. All password managers do this.

Edit: here is a list of vulnerabilities with KeePass. Again, as long as they get fixed, this is a moot point.
 
What’s your point? There was a vulnerability and it got fixed. All password managers do this.

Edit: here is a list of vulnerabilities with KeePass. Again, as long as they get fixed, this is a moot point.

When my data is on some server on the internet, I have no way of mitigating vulnerabilities before they are fixed. When the data is on my server, I can mitigate most of the vulnerabilities.

Besides, we do not know about vulnerabilities not published by 1PW. Having the data on my own server mitigates a lot of possible attack vectors.
 
Does it have extension to autofill in FF and Chrome? I tried searching online but info is pretty scarce on this password manager.

yeah but... the whole idea if letting someone else manage it for you is that 99% of people or more do not have enough know how to host their data...

I’ve answered the question about AutoFill at least twice on this thread, so I’ll not do it again. Instead, I refer you to Codebook’s well-written documentation: https://www.zetetic.net/codebook/documentation

The idea that keeping your vault local and still syncing is hard, is a myth. I briefly reviewed Bitwarden’s documentation, and will grant you that their process is somewhat complicated. However, with Codebook the process is easy. Again, I refer you to their help: https://www.zetetic.net/codebook/documentation
 
TBF, we can't expect the average internet user to have a certificate of system administrator just to log on to youtube and click likes to videos. Thats akin to have a degree in in house plumbing just to use the toilet. I meant, I have been using the internet daily for 20+ years. I still do not know what subnet mask is.

A co-worker I had some 30 years ago always had this to say regarding computers:

There should be a prerequisite before being able to sit down and use a computer: the ability to make fire. Not from a lighter or a match; if you can rub two sticks together, or take two pieces of flint and actually build a fire, then you have what it takes to sit down in front of and use a computer.

Initially I laughed at that, but in seeing some of the things I have seen - especially in working a short period of time in tech support - the more I found out how much he was speaking the truth.

With everything I know in IT now, I actually think I'd be more content in sitting in a swinging chair on my porch and watch the chaos as it occurs.

BL.
 
This is all sound and fury about nothing more than a few bucks. 1Password works flawlessly for me over my multiple MacOS, iOS, and Windows 10 devices and also over my wife's iOS device. One family payment per month, and it seems to stop all intruders in their tracks.

At the cost of leaving your data in the cloud. Not everyone wants that lack of control over their data, especially since what a lot of people are looking for is something that 1Password had been offering for over 10 years.

Additionally, the same thing that you are saying here is the same thing that people said about both Dashlane and LastPass.. and look what happened.

BL.
 
This is all sound and fury about nothing more than a few bucks. 1Password works flawlessly for me over my multiple MacOS, iOS, and Windows 10 devices and also over my wife's iOS device. One family payment per month, and it seems to stop all intruders in their tracks.
Zero fury on my part. Saw the price was increasing so decided to see what was out there before deciding. Found something different I liked.
 
This is all sound and fury about nothing more than a few bucks. 1Password works flawlessly for me over my multiple MacOS, iOS, and Windows 10 devices and also over my wife's iOS device. One family payment per month, and it seems to stop all intruders in their tracks.
Zero fury or price concerns on my part, as I have never been a 1Password user. I wanted the most secure solution that works, and I now have that. That it is cheaper than 1Password is a bonus.
 