Good to hear, thank you for confirming!
I'm also concerned with the browser integration (the autofill parts) with v7 and making sure it also works in the new Safari still. That's where I could see their extension breaking, but I guess not?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password migrants thread
- Thread starter MacBH928
- Start date
- Sort by reaction score
I'm also concerned with the browser integration (the autofill parts) with v7 and making sure it also works in the new Safari still. That's where I could see their extension breaking, but I guess not?
That one, I'm not sure on, because I made the mistake of purchasing 1PW 6 from the Mac App store, instead of directly from AgileBits. If I had purchased directly, I would have had a free upgrade path and means to get a standalone license from them for 1PW 7. As I didn't, it would have been a full separate repurchase of that version. Also because I missed the window that they had their standalone license provisioning servers running, I can't purchase any version of 1PW from them without a subscription. From that and Apple's decision to drop Intel support, I went ahead and cut my own losses and migrated off of 1PW. Should they bring standalone versions back I may go back to them, but that prospect is bleak to none.
BL.
Not really. KeePassCX, KeePass, CodeBook, Enpass, and others offer local storage.
I don't know. Maybe it works like web email where you unlock the vault which is stored on their servers to access the passwords. I have no idea.
Where do you offsite the backup? I mean most people have one place (their home) to store their stuff. The other problem is updating your vault, you have to get that backup -> update it-> send it back to offsite location. Out of safety maybe you can do it once a month.
2 problems
1-People do not trust online companies to store their personal data due to privacy reasons. I avoid Google like the plague.
2-People are scared of an online hack and I can't blame them. Just search online to see how many leaks and hacks companies get.
In the end its a personal choice and risk. I decided to bite the bullet and trust Bitwarden for cloud storage and hope for the best.
Cloud storage is offsite backup. I backup to OneDrive, Dropbox, and AWS - all content is encrypted by me. Across those providers I expect that I have backups in different geographical regions. 1Password's servers are also offsite. I suspect they also ensure multi-region backups. If one doesn't use the cloud, then it is their own responsibility to simulate that to some extent.
I don't trust online much with respect to my privacy. That's why my content is encrypted. I also avoid Google like the plague - because they are a plague.
Hacks are not only online. Many computers and networks are compromised. Homes are burgled and disks stolen. That's why for something as critical as passwords the vaults have to be high quality. Also, local password syncing across the LAN had better be encrypted in transit. For me, the quality of the software used is more important than the location of the data.
I agree it's a personal choice. People have to base it upon their opinions of where the greater risks are, as long as they've considered all the risks (like the risk of skipping offsite backup).
I think you made a great choice with Bitwarden.
Reminder to the .... unwise: ALWAYS go to the developer's site to download your applications.
Otherwise, you run the risk of issues like this, in the case of Bitwarden:
www.bleepingcomputer.com
There isn't much BW can do on this, as it unfortunately comes down to the reading comprehension skills and gullibility of the user.
BL.
Otherwise, you run the risk of issues like this, in the case of Bitwarden:
Fake Bitwarden sites push new ZenRAT password-stealing malware
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT.
There isn't much BW can do on this, as it unfortunately comes down to the reading comprehension skills and gullibility of the user.
BL.
With regard to @bradl's comment above, perhaps someone on this thread, who has the exact version of the software you downloaded, can compare the hash of the installer you downloaded to their own.
I have two files downloaded directly from 1Password some time ago.
1Password-7.9.2.pkg - with SHA-256 c1e0b2235388d1a8e7639ff752beb102d2bac89dbb89b20cee8d76701355e977
1Password-6.8.9.pkg -with SHA-256 621651d9ebbd761257f79ef97e51024897acb04d3ad1a5537675c87c1d4913aa
I might be able to help with 1PW 6.8.9, but I am all but sure that the hashes will be different between the packages on 1PW's site and the version in the Mac App Store. That said, as the App Store is a trusted source, it would also be irrelevant compared to other sites..
BL.
Truecrypt is no longer considered secure. You should re-do that encrypted disk image in its successor, VeraCrypt.
Synching between devices is the default operation for iCloud Keychain. You have to go out of your way to get it to STOP doing that, not that anyone should. I've used both 1PW and Keychain. Keychain is really limited to passwords and small, really small notes. 1PW has FAR more categories for storing data such as bank accounts, credit/debit cards/drivers licenses...etc.
Also Keychain has an unfortunate habit of corrupting itself and losing everything. I use it for convenience but I do NOT rely on it as my sole Password Manager. That would lead to an abundance of sadness.
I do not really trust Apple's synchronization features. Just now, contents of my iCloud drive are not downloading to one of my computers. Regularly, a shared documents in Notes doesn't synchronize unless I trick it by exiting Notes and starting it again. I've also had synchronization conflicts when only a single computer was working on a document.
Yes. Sometimes iCloud fails to sync (or is delayed in syncing) for me as well. It's puzzling.
Sometime ago, I heard that syncing is hard to do and has a lot of conflict. I am facing this currently with Joplin notes app and Enpass on iOS always has problem figuring that the wifi is on to sync with the desktop app.
On the opposite, some services have syncing working like a dream. So Maybe there is some tricks to it that is still not known profession wide.
Long time listener, first time caller... Still on 1PW7.
With Apple Keychain, what happens when my Mac goes in for service at a third-party repairer, and they need my login details? Don't they have access to all my passwords?
I realise they can still access all my iCloud data, emails, etc,. Is a second Admin user the only option?
With Apple Keychain, what happens when my Mac goes in for service at a third-party repairer, and they need my login details? Don't they have access to all my passwords?
I realise they can still access all my iCloud data, emails, etc,. Is a second Admin user the only option?
I think your questions are answered on the following thread: https://forums.macrumors.com/threads/setting-up-a-separate-passcode-for-icloud-keychain.2385805/
Thanks Greg,
I've set up 2FA and added Screentime. Unless I misunderstand, once logged into the user account you can still click on Passwords, enter the user password, and see all their information.
At least with 3rd party password managers like 1Password, etc,. you need the app password.
For example: My "trusted" Mac repairer always asks for admin password if it's required. So if my MacBook freezes, the service tech needs admin password to diagnose, they now can still open and view Keychain Passwords.
Attachments
If you have to take your Mac in for repair, I suggest you perform a backup to two different places, and then wipe the machine and set up as new. That way, you won't have to worry about a stranger trying to gain access to any of your personal files, whether it is Keychain or more mundane. If the repair person needs access, he or she can create an account when the Mac is powered on at their business. Never ever give out password information or keychain access to any repair person.
Last edited:
Hi Robert. This I do, even when sending to Apple.
However, there have been times in the past when the (relatives) computer won't boot so it can't be wiped nor new back up created.
Personally, I've 3,2,1 backups for decades.
How do you sync Strongbox between your devices? You need something like iCloud services...
And what about family sharing? You need at least two databases within Strongbox and then open/close one to open the other, or is there any other (more convenient) way?
After using 1Password for many, many years, I decided to switch because I was uncertain about the future of non-subscription 1Password. After doing a bit of research, I decided to go with self hosted Bitwarden (or Vaultwarden in my case).
Setting up the server was surprisingly fast and easy on my Raspberry Pi. I did not set up WAN access because I don't need it and don't want it. My iPhone syncs whenever I'm home and I can access it on all the computers at home. Works perfect for my needs.
Setting up the server was surprisingly fast and easy on my Raspberry Pi. I did not set up WAN access because I don't need it and don't want it. My iPhone syncs whenever I'm home and I can access it on all the computers at home. Works perfect for my needs.
Hi Berb,
You are correct. I am sorry, but I didn’t think enough about what was stated in that thread, to realize it wouldn’t help in the situation you described.
Because of the sync issues that I and others have experienced, which I provided details for in Post #2041 in this thread, I’d avoid Apple Keychain.
Greg
I already had Docker and Portainer running on my Pi 3 B+ so adding another container just took a few keystrokes.
Then, I followed the following guide to set up the security certificate. It was basically just copy and pasting 4 lines.
The video omitted some important common sense. Don't forget to keep regular backups of your Docker containers offsite. And do a bit of practice in quick recovery should you need it. If your Pi is smelling like it's burning, it would be good to know how to quickly start up docker on your desktop to get access to your vault.
People who roll their own password solution need to be a step above a simple hobbyist. I'm sure most of you are. Everything in that video had better be very familiar. Following setup instructions without some depth of understanding won't help you when you are troubleshooting loss of access to your vault a year from now.
People who roll their own password solution need to be a step above a simple hobbyist. I'm sure most of you are. Everything in that video had better be very familiar. Following setup instructions without some depth of understanding won't help you when you are troubleshooting loss of access to your vault a year from now.