Yes they want their investment back. And they probably will. How many people are still using their "lifetime" license of 1PW 7? I guess a lot. Now all of them will switch over to version 8 and subscription. Because besides Apple Password there isn't a lot of choice for people that want it as easy as possible. Lock them in, wait till they have calmed down, raise subs when they know that there is no better way. This is so predictable. Every other "suddenly subscription" company has done the same. As if they have the same handbook.

I am just glad we had an option to export the data. Evil tech corporates like to have custom formats to lock you in. IIRC Microsoft Word was a mess to export in any other editable format. Not sure if that is still the case.

I believe exporting your data should be a legal requirement from any app.

There are examples of open source having major vulnerabilities - Just look at Apache's log4j vulnerability.

True, but what I and @johnkree are saying is that the open source side is safer than the closed source side of things. We are not saying open source is invulnerable. Having something open source does not automatically mean it's safer to use than closed source either. I won't install obscure apps off GitHub.

In my opinion, the main reason the 1Password review rating took such a dive was due to the subscription model and removing the ability to keep local sync. Remove that gripe from those who are anti-sub with said app, and the overall rating is much higher.

I don't get your point? You are asking people to ignore the fact that it's subscription and has no local vault then they will give it a 5 star review? It's part of the app and a reason to dislike it especially when those features were built in the app and were taken away.

If you mean the app works great if you ignore the payment process, I do not think anyone here argues against that. Remember we are the "1password" migrants thread. We used it because we actually liked it. It was the 1 app I might have considered subscribing to but the no local vault+closed source+their cloud used for syncing was too much.

As to the subscription debate, we all have gone over that endless times. The bottom line is 1Password was bought by a different company and went subscription. That isn't going to change. No point in debating whether or not they should have.

Yes, and we are discussing alternatives to their decisions. They are not changing back to license and we are changing our apps and who we pay. Free market.

I benefited from this thread and ended with EnPass and Bitwarden. Other people chose Codebook. Some Strongbox.
 
true, but what I and @johnkree are saying is that the open source side is safer than the closed source side of things.
I think that's more of a matter of opinion. I've seen arguments that point to closed source programs being safer for a variety of reasons. Both open and closed source have their own positives and negatives. What I find is many hard core proponents are quick to state their opinions are fact.

I'm not against open source, I think Bitwarden is a great application, and extremely secure. I don't think it's any more secure than 1Password just because it's open source.
 
There are examples of open source having major vulnerabilities - Just look at Apache's log4j vulnerability.
Uuuuuh. Yes. I didn't say that open source is invulnerable. I actually stated the opposite. Again: Almost every code on this earth that is written by human beings will have flaws if it is more complex than print "Hello World".
Sure they have major vulnerabilities. As every complex software will have.
But: If you use open source apps that are used by a lot of users like Firefox, Thunderbird, Bitwarden, VLC,... then there are more people who look at the code than with a closed source app.
That is proven.
Open source code is reviewed by independent people while closed source code is reviewed by employees and maybe paid auditors.
There are several studies that all prove the same thing. Open source has
- lower defect density
- lower vulnerability density
- open source has way higher bug fix rates and is way faster in fixing issues

Microsoft Word was a mess to export in any other editable format
OnlyOffice is a highly regarded alternative that is very good in this regard.

I think that's more of a matter of opinion.
No. These are facts. Just read the studies. I'm not an open source fanatic. I tend to spend money on closed source if the app is easier to use and looks nicer. I'm not breaking my finger knuckles on Gimp. I'm using Pixelmator Pro and Affinity Suite. I'm paying 50$ for Things. Because it is so nice to handle.
But you can't state that this is all just opinion. Crunch the numbers.
I mean, you can literally read the code yourself. Just paste it into ChatGPT and ask what the part does.
And yes, both sides have their pros and cons. But again:
Widely used open source software is more secure. Because of the points above.
 
Screen Shot 2023-05-13 at 13.59.47.png


Got this yesterday.
 
And that's the problem with keeping all your authentication data and secure notes on a password manager developer's server.

These developers' servers are a honeypot target, a treasure trove of logins. Even more of a target than Dropbox, iCloud, etc.

Automated hack attempts just try again and again. At least Bitwarden has required captcha in addition to login details on your account.

You might want to make sure your Bitwarden login password is long and complex. You may also want to enable two step login for your Bitwarden account. Details how to on Bitwarden's site here https://bitwarden.com/learning/enable-two-step-login/
 

I am tired of this extra security stuff. 2FA, captcha, passwords... etc. etc. I know it's more secure but it's becoming inconvenient. How many security checks we have to go through?

Credit cards require full number, expiry date, name, CVC, PIN, and TOTP SMS code... just too much. And those captchas, I heard robots can do them easy.

And that's the problem with keeping all your authentication data and secure notes on a password manager developer's server.

These developers' servers are a honeypot target, a treasure trove of logins. Even more of a target than Dropbox, iCloud, etc.

Automated hack attempts just try again and again. At least Bitwarden has required captcha in addition to login details on your account.

You might want to make sure your Bitwarden login password is long and complex. You may also want to enable two step login for your Bitwarden account. Details how to on Bitwarden's site here https://bitwarden.com/learning/enable-two-step-login/

Syncing to your own cloud or storage of service gives you the convenience of cloud syncing but less security threat than a password manager's own servers (I wonder if they can hide/obfuscate their server address). Then again, your "cloud" storage anywhere could be attacked just like any password manager. I understand malicious actors want the passwords more than one's personal files though so it's a more desired target.
 

Wirecutter recommends 1Password as the best password manager and Bitwarden second choice. Their argument is it's the easiest and most pleasant to use, which I cannot argue against. But the problem is they act like the subscription is not an issue and Bitwarden's free option is not a PRO.

In fact they do give Bitwarden less points because the features are available in the paid version which costs 1/3 of what 1Password costs per year.

Basically they are comparing free Bitwarden to subscription 1PW, which is not fair.
 
Syncing to your own cloud or storage of service gives you the convenience of cloud syncing but less security threat than a password manager's own servers (I wonder if they can hide/obfuscate their server address). Then again, your "cloud" storage anywhere could be attacked just like any password manager. I understand malicious actors want the passwords more than one's personal files though so it's a more desired target.
Keep your passwords on your own computer, and sync via local WiFi if you need them on your phone and/or tablet.
 

Wirecutter recommends 1Password as the best password manager and Bitwarden second choice. Their argument is it's the easiest and most pleasant to use, which I cannot argue against. But the problem is they act like the subscription is not an issue and Bitwarden's free option is not a PRO.

In fact they do give Bitwarden less points because the features are available in the paid version which costs 1/3 of what 1Password costs per year.

Basically they are comparing free Bitwarden to subscription 1PW, which is not fair.
Before 1Password, I used the built-in Apple password manager. To be honest, I could go back to it just because I don't need passwords outside the Apple ecosystem. I went with it because I like the interface better than Apple's. I don't mind paying a subscription because I want my passwords hosted on the cloud. I don't want a situation where my hardware fails and all my passwords are gone. I realize you can back things up but cloud is just a lazy way to not have to worry about any of that.

Bitwarden does sound interesting and it's so much cheaper than 1Password.
 
I am tired of this extra security stuff. 2FA, captcha, passwords... etc. etc. I know it's more secure but it's becoming inconvenient. How many security checks we have to go through?

Credit cards require full number, expiry date, name, CVC, PIN, and TOTP SMS code... just too much. And those captchas, I heard robots can do them easy.

Syncing to your own cloud or storage of service gives you the convenience of cloud syncing but less security threat than a password manager's own servers (I wonder if they can hide/obfuscate their server address). Then again, your "cloud" storage anywhere could be attacked just like any password manager. I understand malicious actors want the passwords more than one's personal files though so it's a more desired target.

I agree it's annoying, but if you're not careful then the consequences of not doing all that can be really bad. I guess it depends on the individual, but most people have their entire life and financial business accessible online. Supposedly passwords are going away but I'm not going to be a beta tester. I'll let the early adopters fall victim to whatever flaws the new system has before going with it.
 
...but most people have their entire life and financial business accessible online...
I think this is a really bad idea, because if it is online, it can probably be hacked into.

People should ask themselves what of their personal information really needs to be online. For me, I wouldn't dare keep my passwords or any financial information on the internet. And all my backups are local only.
 
Before 1Password, I used the built-in Apple password manager. To be honest, I could go back to it just because I don't need passwords outside the Apple ecosystem. I went with it because I like the interface better than Apple's. I don't mind paying a subscription because I want my passwords hosted on the cloud. I don't want a situation where my hardware fails and all my passwords are gone. I realize you can back things up but cloud is just a lazy way to not have to worry about any of that.

Bitwarden does sound interesting and it's so much cheaper than 1Password.

Yet with using the cloud, you’re doing the same as a backup. The difference is that you’re paying for someone else to do it for you instead of saving the money and doing it yourself.

And I’m not even going to go into the legal issues from it.

BL.
 
I think this is a really bad idea, because if it is online, it can probably be hacked into.

People should ask themselves what of their personal information really needs to be online. For me, I wouldn't dare keep my passwords or any financial information on the internet.
I guess it's a balance between convenience and security. I could do everything through the mail with paper statements and have everything written down on paper but that still has some risk. Having everything in paper would require a safe to secure it because otherwise, all your information is right there to someone that broke into your house. I don't have anything crazy financial or huge amounts of money so I’m not an important target. I see people posting about their multiple six-figure accounts and I'm thinking yay go you LOL

For me, I like the ability to instantly check my accounts and pay bills without having to trust the mail system.

And all my backups are local only.
I hope you have one off site backup. Things like house fires and floods happen so it's really important.


Give it a try! You only need to pay when you want to add TOTP codes, Yubikey support, etc.
I'm going to check it out. I haven't heard anything negative about them.

Yet with using the cloud, you’re doing the same as a backup. The difference is that you’re paying for someone else to do it for you instead of saving the money and doing it yourself.

And I’m not even going to go into the legal issues from it.

BL.
I realize there's additional risks with cloud back up as in you don't have 100% control of your data. Whoever has that data could give it to someone, or there could be a breach due to poor security. I don’t consider anything on iCloud “private” but I think it’s fairly secure from criminals.

In theory a local back up is always going to be more secure. If you have your files on your computer and backups at the same location, then for example a house fire could destroy all of your data. This isn't some crazy far-fetched scenario because fires happen daily. If you have the discipline to maintain a local back up, keep it updated plus have an updated offsite backup then that's probably the way to go if maximum security is your priority.

Another use of the cloud is you can share data across your devices. For example if I change a document I'm working on with my Mac then while I am away from home need to look at it with my iPad then I can do this easily. I'm sure there's a way to do it with some type of file server. I've looked into Synology NAS devices and they seem interesting.
 
I realize there's additional risks with cloud back up as in you don't have 100% control of your data. Whoever has that data could give it to someone, or there could be a breach due to poor security. I don’t consider anything on iCloud “private” but I think it’s fairly secure from criminals.

Criminals aren’t the issue; the loss of your 4A right to have the authorities to require a warrant to retrieve your data is a bigger loss of your rights than criminals breaking in to get it. Because that cloud service is a 3rd party to any investigation of you, a warrant would not be needed to get your data from that 3rd party, and you would be powerless to do anything about it.

Loss of your rights for the sake of convenience is not a right worth risking.

In theory a local back up is always going to be more secure. If you have your files on your computer and backups at the same location, then for example a house fire could destroy all of your data. This isn't some crazy far-fetched scenario because fires happen daily. If you have the discipline to maintain a local back up, keep it updated plus have an updated offsite backup then that's probably the way to go if maximum security is your priority.

Which is exactly what I had done with 1Password 6 and earlier, and now Enpass. My main password vault is on my Mac. I sync over WiFi/ethernet to my iPhone, iPad, and PC. I back up my vault to my Synology NAS, then back up my NAS to an external disk via Synology HyperBackup, and store that offsite. Additionally, I back up my NAS to another external drive via Time Machine, plus also back up via TM to my NAS, so I'm triply covered when it comes to my vault.

Another use of the cloud is you can share data across your devices. For example if I change a document I'm working on with my Mac then while I am away from home need to look at it with my iPad then I can do this easily. I'm sure there's a way to do it with some type of file server. I've looked into Synology NAS devices and they seem interesting.

I use CloudStation on my Synology NAS to keep my data in sync across different devices, but that is outside of a password manager. With CloudStation, anything stored in it automatically gets synced to any other devices that are hooked up to CloudStation (read: iPhone, iPad, Mac, PC). So basically I am running my own personal cloud with my own personal NAS; there are two differences though, compared to Cloud service providers:

  1. My NAS stays behind my firewall and is never exposed to the internet. All activity done on it is as a client (read: installing patches or packages), but is never publicly exposed as an internet-facing server.

  2. Despite the higher upfront cost than any SaaS provider, the cost of getting the NAS has made up for that monthly subscription to any SaaS provider. $299 for the NAS, plus $100 each for 2 3TB drives, so call it $500 for the entire lot.

    I bought my NAS in 2013, and haven't had to swap out the drives at all.
Let's compare that to the cheapest plan that Dropbox offers, over the span of time since I bought that NAS: 10 years.

12 * 9.99/month = 119.88/year.
119.88 * 10 years = 1198.80.

$500 versus nearly $1200. It's more cost effective for the NAS versus a subscription. And that isn't even taking into account another subscription for 1Password: something which I already covered with my 1-time purchase of Enpass over a subscription to 1Password.

BL.
 

Wirecutter recommends 1Password as the best password manager and Bitwarden second choice. Their argument is it's the easiest and most pleasant to use, which I cannot argue against. But the problem is they act like the subscription is not an issue and Bitwarden's free option is not a PRO.

In fact they do give Bitwarden less points because the features are available in the paid version which costs 1/3 of what 1Password costs per year.

Basically they are comparing free Bitwarden to subscription 1PW, which is not fair.
Wirecutter and a lot of other tech websites have become just advertising blogs with "bought" reviews in recent years. I wouldn't trust them. It's a good first stop for getting ideas but that's it.
Most of the time they will just recommend the big 5 in the market with the market leader in the first place.
 
a lot of other tech websites have become just advertising blogs with "bought" reviews in recent years. I wouldn't trust them. It's a good first stop for getting ideas but that's it.
Yes, that's my opinion too. So many reviews just list the key features from the brochure like it's gospel, and no consideration of the downsides. Better to try a range of forums and the few proven independent technical journalists (hard to find but possible), test the product yourself if you can.
 
Criminals aren’t the issue; the loss of your 4A right to have the authorities to require a warrant to retrieve your data is a bigger loss of your rights than criminals breaking in to get it.
I hear that, and the issue is complex and we can go down the PRSI path very easily that the mods will come in and drop the ban hammer

Let me just say if you or anyone is in the cross hairs of the authorities to an extent that they're willing to get a court order for cloud based providers, don't you think they would have already (or will) have search warrants for your house?

It seems in some states you can be compelled to provide passwords and/or log into your computer.
The Pennsylvania Supreme Court’s majority ruled that revealing a computer password is testimonial in nature and thus protected by the Fifth Amendment right against self-incrimination. The Massachusetts Supreme Judicial Court reached a different conclusion earlier this year. In Massachusetts, a defendant can be compelled to enter a password if prosecutors can show beyond a reasonable doubt that the suspect knows it.

The Massachusetts High Court determined that a defendant forced to enter a password discloses only that they know the password and can access the device. Courts in New Jersey and Indiana are reviewing similar cases

I'm not taking one random website I found by googling as gospel, but my point is that having your passwords stored locally does not inherently offer you more rights or protections from the police or court systems.
 
It seems in some states you can be compelled to provide passwords and/or log into your computer.
This is true but they're not going to torture you or do something to force you to do it. At least not unless you have a few select 3 letter agencies after you. If you do then well you're just SOL. If it's just the normal legal people they're going to threaten you with contempt of court if you don't do it. At least you have a choice if you want to give up your private information or not. If you have it on the cloud, you don't have the choice to refuse.

I personally don't care for my own data because if they want it that bad then they can have it. There's nothing I have that's worth anything to governments.
 
This is true but they're not going to torture you or do something to force you to do it.
No question, so it then really boils down, for us law abiding citizens, are we any more or less protected and what's the risk factor? I'm going to say the risk factor is so low that this line of thought borders a strawman argument.

Cloud based systems have risks, pros and cons, but so doesn't local based systems.
 