Give it a try! You only need to pay when you want to add TOTP codes, Yubikey support, etc.

Can I get TOTP for my bank? My bank sends SMS TOTP, so I do not think that works with the password autofill.

Criminals aren’t the issue; the loss of your 4A right to have the authorities to require a warrant to retrieve your data is a bigger loss of your rights than criminals breaking in to get it. Because that cloud service is a 3rd party to any investigation of you, a warrant would not be needed to get your data from that 3rd party, and you would be powerless to do anything about it.

Loss of your rights for the sake of convenience is not a right worth risking.

Unless they are lying, 1Password and others claim to have encrypted storage, so even if the government asks for your data they cannot crack it.

Wirecutter and a lot of other tech websites have become just advertising blogs with "bought" reviews in recent years. I wouldn't trust them. It's a good first stop for getting ideas but that's it.
Most of the time they will just recommend the big 5 in the market with the market leader in the first place.

I trust Wirecutter (maybe I shouldn't?), but I found their usual recommendations are acceptable and products chosen can hardly be a wrong choice. As for displaying the paid sponsor, idk, I sometimes think that but I have seen them switch their top choice over the years.

For example, they used to recommend Netgear Orbi for wifi mesh and now they recommend Asus ZenWiFi.

I hear that, and the issue is complex and we can go down the PRSI path very easily that the mods will come in and drop the ban hammer

Let me just say if you or anyone is in the cross hairs of the authorities to an extent that they're willing to get a court order for cloud based providers, don't you think they would have already (or will) have search warrants for your house?

It seems in some states you can be compelled to provide passwords and/or log into your computer.


I'm not taking one random website I found by googling as gospel, but my point is that having your passwords stored locally does not inherently offer you more rights or protections from the police or court systems.

I think the idea is that if your data is with the company then you will never know if they got the info or not, monitoring behind the scenes. If your data is with you, then you will at least see the cops on the front door and know you are under surveillance. In addition, gov can get you, but at least no other corporate or outside government can get it. If your data is in the cloud they can share it with 3rd party of whatever they choose (or whoever is the highest bidder!)

Yea, if the gov. is out to get you, they will get you.
 
tbh I think their client is clunky and ugly as hell but I don't care because 99% of the time I'm not using it and just doing autofill.

I hardly launch the app but I do not see much downside compared to the extension. It's like the extension in app form.
 
Here is a story some might find interesting:

First of all this is a good example of open source working as it should be. A flaw is detected and made public so everyone who is affected can take actions to prevent data loss.
At the same time devs are working to close the gap.

This is a rather good article about the matter, I’ve seen a lot of clickbait regarding this flaw.

The most important information should be at the beginning of the article:
This is only possible with physical access to the computer or with malware.
 
Conversely, could a proprietary password manager have similar vulnerability(ies) and the developers are keeping quiet? We will never know!
I think that any developer of a proprietary password manager who became aware of a vulnerability to their code, whether their own discovery or via an independent researcher, would quickly provide a fix, and sooner than the current month out that KeePass is promising. After all, the developer has a vested interest in providing a secure product.

Here is another article about the problem: https://www.digitaltrends.com/computing/keepass-master-password-plain-text-vulnerability/

From the article:

The one caveat to this security breach is it requires physical access to the machine from which the master password is to be extracted. But that’s not necessarily always a problem – as we’ve seen in the LastPass exploit saga, hackers can gain access to a target’s computer using vulnerable remote access apps installed on the computer.
 
Depends on how professional and how much care they put into it. Some developers are careless, and as a non-programmer I can't tell how much effort should go into it.

In addition, due to the proprietary nature of the software they might not be aware of the vulnerability. I mean, if I was a malicious hacker I won't report that I found a flaw in their software and will keep abusing it.
 
It is not possible to make a general statement about this, because it is often not even known how long the security vulnerability is known on the Darknet before it becomes public. Many gaps are not even made public, but are quietly patched by the companies. Generally, Apple or Microsoft, for example, sometimes need days to weeks until a gap is closed, or even much longer.
 
For those who are interested in taking matters in their own hands:

Is it hard to get into?
No. It is easier than I thought before. It is very easy to use and works on the iPhone, my Mac and Linux. I love it so far. I love that it uses a bare minimum of resources. I love that I have full control of everything.
If you take the time and put the work into it you can run this on everything. It is not for people who are having a hard time installing stuff from the Appstore. But following the tutorial is easy.

Edit: I don't know why this video is marked as not available. Just look for "Terminal Password Manager" in Youtube, the Creator is "Dreams of Code".
Even if you don't want to try this it is a very good video for beginners and gives a lot of insight.
 
I know some people live in the terminal, but for us mere mortals having to remember the commands in our heads is just too difficult. But as long as it is secure it's still an option.
 
And on it goes....

LastPass 2FA reset prompts are locking users out of accounts​


Yandex locked me out of an email account because I couldn't remember my favorite artist I filled in when I created the account like 7 years ago. To unlock the account they want me to upload my ID to them 😂

Another issue with trusting cloud storage, 2FAs, and proprietary software

How are they still in business and why are people still using them?

I assure you the masses out there have no idea what they are doing. Just as much as I have no idea how my tv works, I click on and it turns on. They just get a password manager and think they are set. This type of news they probably never hear of as they are busy with their instagram posts and watching Snapchat.

I saw people who thought a Mac Mini was a cable converter box
 
PROTON PASS IS OUT

Video Review

Free for all, $1/M for some extra features, or $10 for VPN, EMAIL, CALENDAR, 500GB Cloud Drive, ProtonPass. Take that $3/M 1Password! It's a little bare bones but another option if you trust Proton.

I will remain with Bitwarden and Enpass simply because I believe in keeping competition alive and not reaching "final stage capitalism" where one corporation owns it all. I am a Proton subscriber anyway.
 
Interesting to note:

If one wanted to get this (especially the free version), you have to:
  1. create an account,
  2. supply credit card info, then
  3. check out.
Supply credit card info for the free version? :oops:🤨

BL.
 
I’m not impressed at all. It’s missing a lot and like the video said, it can’t compete with other password managers alone. I don’t use Proton mail much anymore, because they lack features and are slow to roll them out. This has to be the most underwhelming password manager, ever.
Honestly, if Apple Keychain had a standalone app, it would probably have the same functionality and features as this.
 
5. Indemnification​

You agree that the Company, and any parents, subsidiaries, officers, directors, employees, agents, or third-party contractors (the "Indemnified Parties") cannot be held responsible for any third-party claim, demand, or damages, including reasonable attorneys’ fees, arising out of your use of your Account or the Services. You agree that the Indemnified Parties will have no liability in connection with any such third-party claim, demand, or damages, and you agree to indemnify any and all resulting loss, damages, judgments, awards, costs, expenses, and attorneys’ fees and litigation expenses of the Indemnified Parties in connection therewith. You will also indemnify and hold the Indemnified Parties harmless from and against any third-party claims, demands, or damages arising out of your use of your Account or the Services.


In my opinion, it would be absurd to agree to such a condition of use.
 

Yes. Absurd. But few bother to read this stuff.

1Password, held in high esteem by many (I fail to see why), says:

Disclaimer And Non-Waiver of Rights​

AgileBits Inc. makes no guarantees, representations or warranties of any kind as regards the website and associated technology. Any purportedly applicable warranties, terms and conditions are excluded, to the fullest extent permitted by law. Your use of the Service is at your sole risk.

The Service is provided on an “AS IS” and “AS AVAILABLE” basis. The Service is provided without warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement or course of performance, except as provided for under the laws of any province in Canada. In such cases, the provincial law shall apply to the extent necessary.

AgileBits Inc. its subsidiaries, affiliates, and its licensors do not warrant that a) the Service will function uninterrupted, secure or available at any particular time or location; b) any errors or defects will be corrected; c) the Service is free of viruses or other harmful components; or d) the results of using the Service will meet your requirements.

... blah blah blah

Yes. It is Absurd.
 