The video omitted some important common sense. Don't forget to keep regular backups of your Docker containers offsite. And do a bit of practice in quick recovery should you need it. If your Pi is smelling like it's burning, it would be good to know how to quickly start up docker on your desktop to get access to your vault.

People who roll their own password solution need to be a step above a simple hobbyist. I'm sure most of you are. Everything in that video had better be very familiar. Following setup instructions without some depth of understanding won't help you when you are troubleshooting loss of access to your vault a year from now.
This is, of course, good advice. But to be honest, for all of my containers, I can just recreate from scratch and then upload data from the client. That would work for Nextcloud for instance. But, yes, in my past I have been a Windows Server Admin, Linux Admin, FreeBSD Admin, and Solaris Admin. :)
 
The video omitted some important common sense. Don't forget to keep regular backups of your Docker containers offsite. And do a bit of practice in quick recovery should you need it. If your Pi is smelling like it's burning, it would be good to know how to quickly start up docker on your desktop to get access to your vault.

People who roll their own password solution need to be a step above a simple hobbyist. I'm sure most of you are. Everything in that video had better be very familiar. Following setup instructions without some depth of understanding won't help you when you are troubleshooting loss of access to your vault a year from now.

I don't add many passwords anymore. I have exported the Bitwarden database for backup. Spinning up another Vaultwarden container on another server would be really fast and easy. It would only take a few minutes, at most, since I already have servers running.
 
Tried to give Codebook a shot. So far, it's not going well importing from Bitwarden. I also got a weird warning that I do not recall ever seeing in my whole life on the internet.

 
After using 1Password for many, many years, I decided to switch because I was uncertain about the future of non-subscription 1Password. After doing a bit of research, I decided to go with self hosted Bitwarden (or Vaultwarden in my case).

Setting up the server was surprisingly fast and easy on my Raspberry Pi. I did not set up WAN access because I don't need it and don't want it. My iPhone syncs whenever I'm home and I can access it on all the computers at home. Works perfect for my needs.

Can you access your passwords away from home?
 
Don't forget to keep regular backups of your Docker containers offsite.

You don't need backups of the container itself, but you do need backups of the vaultwarden data. There seems to be a container for this too, but I have never tested it.

I use a small bash script, which is called from a script I use for backing up other data. In the script I use the sqlite .backup and .dump functionality to create a backup for the database. That ensures data integrity in case there is write access to the database while the backup is running. In addition I copy the whole Vaultwarden data directory, which may or may not be enough on its own.

And of course you have to try to restore your backups.
 
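The backup approach described in the post above, as an added example that is not part of the thread or the poster's own script: it uses Python's `sqlite3` module, whose `Connection.backup()` wraps the same online backup API as the CLI's `.backup`, with `iterdump()` standing in for `.dump`. The database, table and file names are constructed for the demonstration, and the copy is taken while a second connection has an uncommitted write open.

```python
import os
import sqlite3
import tempfile
from contextlib import closing


def backup_sqlite(src_path, dest_path):
    """Snapshot via SQLite's online backup API (the mechanism behind `.backup`)."""
    with closing(sqlite3.connect(src_path)) as src, closing(sqlite3.connect(dest_path)) as dest:
        src.backup(dest)  # copies only committed data, safe next to a live writer


def dump_sql(src_path, dump_path):
    """Plain-SQL export, the counterpart of the CLI's `.dump`."""
    with closing(sqlite3.connect(src_path)) as src, open(dump_path, "w", encoding="utf-8") as fh:
        fh.writelines(line + "\n" for line in src.iterdump())


def restore_check(db_path, table):
    """Restore test: the copy must pass integrity_check and be readable."""
    # `table` is a constant chosen by the caller, never user input.
    with closing(sqlite3.connect(db_path)) as conn:
        status = conn.execute("PRAGMA integrity_check").fetchone()[0]
        rows = conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
    return status, rows


def demo():
    """Back up a constructed database while another connection is mid-write."""
    with tempfile.TemporaryDirectory() as tmp:
        live, snap, dump, rebuilt = (os.path.join(tmp, n) for n in
                                     ("live.sqlite3", "snap.sqlite3", "dump.sql", "rebuilt.sqlite3"))
        writer = sqlite3.connect(live)
        writer.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, data TEXT)")
        writer.executemany("INSERT INTO items (data) VALUES (?)", [("a",), ("b",)])
        writer.commit()
        writer.execute("INSERT INTO items (data) VALUES ('in-flight')")  # left uncommitted
        backup_sqlite(live, snap)
        dump_sql(live, dump)
        writer.commit()
        writer.close()
        # Rebuild a fresh database from the SQL dump, as a restore would.
        with closing(sqlite3.connect(rebuilt)) as conn, open(dump, encoding="utf-8") as fh:
            conn.executescript(fh.read())
        return [restore_check(p, "items") for p in (snap, rebuilt, live)]


if __name__ == "__main__":
    print(demo())
```

Both copies contain only the rows that were committed when the backup ran, and each is opened and checked afterwards rather than assumed to be good.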
Tried to give Codebook a shot. So far, it's not going well importing from Bitwarden. I also got a weird warning that I do not recall ever seeing in my whole life on the internet.

Zetetic provides detailed instructions for importing from Bitwarden: https://www.zetetic.net/codebook/switch/import/bitwarden/

If you have followed these and are still having trouble, I recommend you contact Codebook Support, as they suggest.
 
You don't need backups of the container itself, but you do need backups of the vaultwarden data. There seems to be a container for this too, but I have never tested it.

I use a small bash script, which is called from a script I use for backing up other data. In the script I use the sqlite .backup and .dump functionality to create a backup for the database. That ensures data integrity in case there is write access to the database while the backup is running. In addition I copy the whole Vaultwarden data directory, which may or may not be enough on its own.

And of course you have to try to restore your backups.

I'd personally prefer a direct, short path to recovery. Putting the server vaults back to their exact backed up state would be my approach. Saving the state of the container is so trivial. But, you're probably fine with your approach. Also, I guess something like you've done might be required if the server software has to be updated. (Maybe the data on the client is not adequate to restore a new container created from the base image. I guess that would happen if you keep only a subset of vaults on your client.) That does bring up a few other risk areas.

It's critical to apply timely updates to the server software, especially if security exploits are discovered. Perhaps the server software has some auto-update functionality, or at least some way to notify you when it should be updated. Do you know if that's the case?

Another risk is if the client software is updated and becomes incompatible with the server software. This could be devastating if the incompatibility is subtle and not noticed. It will be critical to not let the server software get too out of date.

One thing I found amazing in the video, is that the presenter is recommending using server software not produced by Bitwarden. https://github.com/dani-garcia/vaultwarden

This project is not associated with the Bitwarden project nor Bitwarden, Inc.


The more I think about it, the more I think I would never take this approach unless I was willing to make a serious effort to do it right. And I wouldn't do it alone, since I might miss critical considerations. I would spend some time on forums where people might be sharing best practices. Absolutely one should regularly visit the Bitwarden forums to keep up. This level of care is justified considering how important passwords are.
 
It's critical to apply timely updates to the server software, especially if security exploits are discovered. Perhaps the server software has some auto-update functionality, or at least some way to notify you when it should be updated. Do you know if that's the case?

Watchtower can automate updates.
 
Saving the state of the container is so trivial.

With a normal installation the user data is not stored within the container, which is normal for docker based installations and its intended use. So saving the container will not create a backup of the password vault.
 
With a normal installation the user data is not stored within the container, which is normal for docker based installations and its intended use. So saving the container will not create a backup of the password vault.

That makes sense. I was being a bit silly.
 
Zetetic provides detailed instructions for importing from Bitwarden: https://www.zetetic.net/codebook/switch/import/bitwarden/

If you have followed these and are still having trouble, I recommend you contact Codebook Support, as they suggest.

I did the name changing in the CSV file and imported as "Bitwarden CSV"; same thing, it didn't work. It said it should have 8 columns, not 11.

I imported it as a "CSV" file and it worked, but any custom fields I had got messed up. I think it stored them as notes. I use custom fields a lot. Those are usually fields that are not "email, password, username".
 
I did the name changing in the CSV file and imported as "Bitwarden CSV"; same thing, it didn't work. It said it should have 8 columns, not 11.

I imported it as a "CSV" file and it worked, but any custom fields I had got messed up. I think it stored them as notes. I use custom fields a lot. Those are usually fields that are not "email, password, username".
I am sorry, but I am not able to help. I strongly encourage you to contact Codebook Support.
 
After using 1Password for many, many years, I decided to switch because I was uncertain about the future of non-subscription 1Password. After doing a bit of research, I decided to go with self hosted Bitwarden (or Vaultwarden in my case).

Setting up the server was surprisingly fast and easy on my Raspberry Pi. I did not set up WAN access because I don't need it and don't want it. My iPhone syncs whenever I'm home and I can access it on all the computers at home. Works perfect for my needs.
That's an excellent idea. I will ponder it some more;)
 
Thanks Greg,

I've set up 2FA and added Screentime. Unless I misunderstand, once logged into the user account you can still click on Passwords, enter the user password, and see all their information.

At least with 3rd party password managers like 1Password, etc., you need the app password.

For example: My "trusted" Mac repairer always asks for admin password if it's required. So if my MacBook freezes, the service tech needs admin password to diagnose, they now can still open and view Keychain Passwords.
I prefer not to use Apple's in-house solution for this reason, but also because it traps you further into Apple. If you find a great third party vendor then at the very least you give yourself flexibility if you want to change part of your infrastructure at a later date. What if you suddenly have the need for a Windows machine as a simple example.
 
I prefer not to use Apple's in-house solution for this reason, but also because it traps you further into Apple. If you find a great third party vendor then at the very least you give yourself flexibility if you want to change part of your infrastructure at a later date. What if you suddenly have the need for a Windows machine as a simple example.
Sage advice, and one that I follow. Thanks to the password import/export option I’ve tried five different password apps, including Apple Keychain. The somewhat ease of access to Keychain is what concerns me.
 
I prefer not to use Apple's in-house solution for this reason, but also because it traps you further into Apple. If you find a great third party vendor then at the very least you give yourself flexibility if you want to change part of your infrastructure at a later date. What if you suddenly have the need for a Windows machine as a simple example.

I believe in decentralisation and not giving one company too much power. It keeps competition alive.

I also believe that the jack of all trades is master of none, I might like Office 365 but doesn't mean I have to use Edge as my browser and Bing as my search engine. In passwords' case, I find Enpass, 1PW, Bitwarden and others much better as password managers than Apple's Keychain.

Sage advice, and one that I follow. Thanks to the password import/export option I’ve tried five different password apps, including Apple Keychain. The somewhat ease of access to Keychain is what concerns me.

Which did you settle on?
 
Back to 1Password 7. :)
That's what I am using.
Is AgileBits actively updating it for security related issues? I haven't seen an update on my phones in a long time...
I haven't installed the Mac app on my new machine yet. Is it native Apple Silicon? Does it still receive security updates?
 
Is AgileBits actively updating it for security related issues?
The last update with 1Password for Mac was 7.9.11, released July 2023. For iOS 7.10.2 was released February 2023. No security bugs mentioned in the release notes, more along the lines of deprecating standalone vaults and browser extensions. Watchtower still updates as does haveibeenpwned.com.

Version 7.x is working OK for me on iOS 17 and macOS 14 using Safari.
 
New to this thread. Is there any "basic" password manager for Mac, preferably without sync (because I don't trust the security of small developers to keep my passwords safe) that is a good Mac citizen? Trying Bitwarden at the moment, but at least with the official app in the Mac App Store, I can't even drag an item to a folder lol. Just looks like a wrapper for their website. I'm just looking for an app that is more like "Finder.app" but for passwords.
 
New to this thread. Is there any "basic" password manager for Mac, preferably without sync (because I don't trust the security of small developers to keep my passwords safe) that is a good Mac citizen? Trying Bitwarden at the moment, but at least with the official app in the Mac App Store, I can't even drag an item to a folder lol. Just looks like a wrapper for their website. I'm just looking for an app that is more like "Finder.app" but for passwords.
If by "without sync" you mean a password manager that allows you to keep your data local, you have at least these choices: Codebook, Enpass, eWallet, Minimalist, mSecure, Roboform, SafeInCloud, Secrets, Sticky Password, and Strongbox.
 
New to this thread. Is there any "basic" password manager for Mac, preferably without sync (because I don't trust the security of small developers to keep my passwords safe) that is a good Mac citizen? Trying Bitwarden at the moment, but at least with the official app in the Mac App Store, I can't even drag an item to a folder lol. Just looks like a wrapper for their website. I'm just looking for an app that is more like "Finder.app" but for passwords.

What gregmac19 said. If you want best Mac citizen I would say 1Password does the job (if you are not against subscription) but it does store your passwords in the cloud.

If you want local storage, I would say Strongbox. You could go for Codebook too.

You shouldn't be using Bitwarden if you are looking for a "Mac citizen" and local storage. You are right, it feels like a wrapper to their website and stores your data in the cloud.

If by "without sync" you mean a password manager that allows you to keep your data local, you have at least these choices: Codebook, Enpass, eWallet, Minimalist, mSecure, Roboform, SafeInCloud, Secrets, Sticky Password, and Strongbox.

mSecure looks interesting but I am wary of it as it went into a phase of hiatus if I am not mistaken so I don't think I can rely on it. Roboform looks professional enough and you can't beat the free priced plan.
 