1password vs lastpass

planteater · Jan 11, 2021

Apple_Robert said:
If you want an excellent password manager without the subscription fee, I highly recommend Strongbox. It is much better than LP, it rivals 1Password in features and UI, and the free option is probably more than enough for most people. If you want to be able to unlock with your watch and a few other features, they offer a one time payment, which is what I did and I have't regretted the move from 1Password, which ends in January.

Personal KeePass Password Manager | Strongbox

The world's leading KeePass Passwrod manager for iOS and MacOS. Download or find out more about Strongbox today.

strongboxsafe.com

Strongbox has a better privacy policy than 1Password and better security.

Why do you make that claim regarding Strongbox security? Do you know of a third-party audit, or have you reviewed the code?

I'm a current user of 1Password, and the reason I use them is due to trust. But I really have nothing to go on other than a rudimentary review of the company and what documents are made available. To me, features are secondary. I want the most secure password vault as I store it in the cloud. I'll move away from 1Password if I found one that deserves more trust.

mguzzi · Jan 11, 2021

KeePassX is free and not cloud based - also Dashlane is great. In the past both 1password and last pass being cloud based have had some security issues and one of them may have even been breached at one point.

lapino · Jan 11, 2021

I switched to Bitwarden in the end, 1password wasn't "it" for me (not bad, but I see little benefit over cheaper bitwarden).

Apple_Robert · Jan 11, 2021

planteater said:
Why do you make that claim regarding Strongbox security? Do you know of a third-party audit, or have you reviewed the code?

I'm a current user of 1Password, and the reason I use them is due to trust. But I really have nothing to go on other than a rudimentary review of the company and what documents are made available. To me, features are secondary. I want the most secure password vault as I store it in the cloud. I'll move away from 1Password if I found one that deserves more trust.

As you know, a full audit has not been done; only a partial one. The privacy policy for Strongbox is much better than 1Password, in my opinion.

No data leaves Strongbox (to a supported cloud for syncing) unless the user enables the feature or enables some of the "pro" features, which again, is better than the 1Password subscription model, in my opinion.

If you haven't already, read some of the security FAQ on Strongbox.

Support - Strongbox

⭐️ Sale Now On (20% Off) ⭐️ Helpdesk Read our how-to guides or contact our support team. Contact Us Please search the help articles first, as this will likely allow you resolve your issue much more quickly. The following articles address common problems: My Database Isn’t Syncing I Can’t Unlock...

strongboxsafe.com

The code for Strongbox is open source and anyone can do a full audit. I am guessing the Developer hasn't done such thus far, because he is a one man show.

I don't believe I have said anything that has been inaccurate about Strongbox. It does have security that does rival 1Password, in my opinion.

If you want to continue to disagree, that is fine.

1Password is a fine product but, I see no point in paying for a subscription where I can't have full control of my data. I also prefer the fact that Strongbox is open source and also has a solid privacy policy. I stand by what I said previously.

I also think Bitwarden is an excellent product. It has been audited and is open source as well. And no data has to leave the device, unless the user specifically enables the feature for syncing etc and certain extra features like watch unlock etc.

I am not sure why you have a problem with what I posted.

IowaLynn · Jan 11, 2021

I think StrongBox is based on same open source as KeePass - which I’ve used for over a decade. It is still getting updates as it did yesterday. So I think common code base is a strong selling point.

planteater · Jan 11, 2021

Apple_Robert said:
As you know, a full audit has not been done; only a partial one. The privacy policy for Strongbox is much better than 1Password, in my opinion.

No data leaves Strongbox (to a supported cloud for syncing) unless the user enables the feature or enables some of the "pro" features, which again, is better than the 1Password subscription model, in my opinion.

If you haven't already, read some of the security FAQ on Strongbox.

Support - Strongbox

⭐️ Sale Now On (20% Off) ⭐️ Helpdesk Read our how-to guides or contact our support team. Contact Us Please search the help articles first, as this will likely allow you resolve your issue much more quickly. The following articles address common problems: My Database Isn’t Syncing I Can’t Unlock...

strongboxsafe.com

The code for Strongbox is open source and anyone can do a full audit. I am guessing the Developer hasn't done such thus far, because he is a one man show.

I don't believe I have said anything that has been inaccurate about Strongbox. It does have security that does rival 1Password, in my opinion.

If you want to continue to disagree, that is fine.

1Password is a fine product but, I see no point in paying for a subscription where I can't have full control of my data. I also prefer the fact that Strongbox is open source and also has a solid privacy policy. I stand by what I said previously.

I also think Bitwarden is an excellent product. It has been audited and is open source as well. And no data has to leave the device, unless the user specifically enables the feature for syncing etc and certain extra features like watch unlock etc.

I am not sure why you have a problem with what I posted.

Sorry if I wasn’t clear. I wasn’t disagreeing so much as inquiring if you had some info that I wasn’t aware of.

That said, I do tend to trust open source more than closed software, in many cases. I just don’t have the ability to review the code myself for something as complex as a password manager.

I own the latest 1 Password version and host the password database on iCloud, not 1Passwords server, so I do have full control of it, or at least 1Password does not.

One thing that does make me a bit skeptical of Strongbox is that it is a single developer. Maybe that is a plus, or it could be a negative, depending on how skilled he is.

Apple_Robert · Jan 11, 2021

planteater said:
Sorry if I wasn’t clear. I wasn’t disagreeing so much as inquiring if you had some info that I wasn’t aware of.

That said, I do tend to trust open source more than closed software, in many cases. I just don’t have the ability to review the code myself for something as complex as a password manager.

I own the latest 1 Password version and host the password database on iCloud, not 1Passwords server, so I do have full control of it, or at least 1Password does not.

One thing that does make me a bit skeptical of Strongbox is that it is a single developer. Maybe that is a plus, or it could be a negative, depending on how skilled he is.

Thanks for clarifying.

Valid point about the developer. He has been very attentive when I have contacted him.

As far as I can ascertain, Strongbox is as strong as current technology allows within the Apple system. And for me, that is comforting.

I am confident in saying, that there is no way any person could get inside my Strongbox app on iOS or Mac. It would take more lifetimes than we both can imagine, and that is with numerous computers, not to mention, if someone l(like a family member etc.) got a hold of one of my devices and got curious, they would have to not only get through the master password, they would also have to get through the long PIN code. And if that doesn't seem like enough to some reading, a person would also have to get past my double blind password process. That means, if a person were to see my password for MR (for instance) and tried to log in as me with the credentials seen, it still would not work, because the password would be missing the crucial input that completes the password and has not been saved in Strongbox, 1Password, Bitwarden, or any other manager.

I asked 1Password for years to please institute a required backup method to the master password.

I also like the fact that I don't have to access the internet, in order to change account settings like you do with 1Password (re: master password).

It a good thing you are keeping everything on your devices so long as you have multiple backups. Bitwarden also allows for self-hosting although I haven't tried that option, yet.

What is a Double Blind Password? Password Manager Hack 2024

If you're worried about the security of a password manager app, double-blind password strategy is the most important thing you'll read today.

www.allthingssecured.com

s66 · Jan 11, 2021

KeePassXC is by far the best port of KeePass for macOS.

Multiplatform origin (KeePass), mutiplatform file format of KeePass, fully free, fully documented, open source [which is essential for getting peer review of the cryptography (1)]. What more could one want ?

KeePassXC Password Manager

keepassxc.org

You can easily store the password safe in icloud, of Google Drive etc. it's all quite simple to do.
Plugins for browsers also exist if you don't want to cut&paste the passwords yourself.

More KeePass implementations for other platforms than the mac:

KeePass Password Safe

KeePass is a free open source password manager. Passwords can be stored in an encrypted database, which can be unlocked with one master key.

keepass.info

(1):

As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice.
Bruce Schneier, Crypto-Gram 1999-09-15.

IowaLynn · Jan 11, 2021

s66 said:
KeePassXC is by far the best port of KeePass for macOS.

Multiplatform origin (KeePass), mutiplatform file format of KeePass, fully free, fully documented, open source [which is essential for getting peer review of the cryptography (1)]. What more could one want ?

KeePassXC Password Manager

KeePassXC Password Manager

keepassxc.org

You can easily store the password safe in icloud, of Google Drive etc. it's all quite simple to do.
Plugins for browsers also exist if you don't want to cut&paste the passwords yourself.

More KeePass implementations for other platforms than the mac:

KeePass Password Safe

KeePass is a free open source password manager. Passwords can be stored in an encrypted database, which can be unlocked with one master key.

keepass.info

(1):

Just installed the Windows client - looks polished and of course picked up my KeePass2 file.

s66 · Jan 11, 2021

IowaLynn said:
Just installed the Windows client - looks polished and of course picked up my KeePass2 file.

If you need an implementation for an iPhone or iPad:
Kypass is pretty good (not free unfortunately)

KyPass (iOS & macOS)

KyPass is an Password Management application for people with high demands on secure personal data management. It used the same database format than the Open Source Platform of KeePass Password Safe…

www.kyuran.be

Apple_Robert · Jan 11, 2021

s66 said:
If you need an implementation for an iPhone or iPad:
Kypass is pretty good (not free unfortunately)

KyPass (iOS & macOS)

KyPass is an Password Management application for people with high demands on secure personal data management. It used the same database format than the Open Source Platform of KeePass Password Safe…

www.kyuran.be

Pricing looks reasonable for both platforms looks reasonable.

macuros · Jan 17, 2021

Bitwarden all the way:

Bitwarden Selected As Best Password Manager By Us News And World Report

Bitwarden is an open source password management solution for individuals, teams, and business organizations.

bitwarden.com

If you have a NAS device you can even self-host it like I do. Don't need anything else.

Ursadorable · Jan 19, 2021

Been using Lastpass for years, haven't found a reason to switch. It's free, has never failed me and does exactly what it promises.

Madmic23 · Jan 19, 2021

Apple_Robert said:
With Keychain, there is no editing outside of the username and password. Keychain doesn't always work like it should. And if Keychain gets a glitch and doesn't work at all or you suddenly find your information for some websites is gone, you are in big trouble. Keychain doesn't inform you of data breaches that I recall. It doesn't allow you to store other sensitive information.

iCloud Keychain does inform you of security breaches and weak passwords, but you have to do some digging.

On iOS, go to Settings > Passwords > Security Recommendations. In that section, it will show you High Priority passwords that you should change if the password has appeared in a data leak. It also warns you of reused passwords and easily guessed passwords.

It would be nice if Apple would turn this into an actual full featured app that we could store other information in, but I guess that's not happening anytime soon.

iRock1 · Jan 19, 2021

Apple_Robert said:
Strongbox has a better privacy policy than 1Password and better security.

Hi, mind expanding on that?

Apple_Robert · Jan 19, 2021

iRock1 said:
Hi, mind expanding on that?

Privacy - Strongbox

Our Privacy Policy Last Update: 9 May 2024 – Added information on GDPR Compliance, improved formatting/readability. Previous Update: 29 September 2021 – Added reference to “Strongbox Zero” This privacy policy governs your use of the software application Strongbox (“Application”), the Strongbox...

strongboxsafe.com

Privacy Policy | 1Password

Read 1Password's privacy policy to learn about the company's commitment to preserving the security of your data, your privacy, and your rights to your data.

1password.com

In my opinion, Strongbox is better because the sensitive data remains on your device and is not transmitted to the developer or stored on any company servers. The only time data would not stay on your device is if you chose to use iCloud or another supported cloud service. At that point, privacy is then between you and the respective cloud service.

Strongbox does not have access to your data at any time.

While data is encrypted with 1Password, the data is stored on servers in the EU, which I do not like. I also do not like that the data servers have to be serviced by authorized personnel from a third party, even though the data is (supposedly) encrypted.

"Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. In many cases (but we cannot promise that this will always be the case) even Service data held by these entities is encrypted with keys held only by us."

Madmic23 · Jan 19, 2021

Apple_Robert said:
Privacy - Strongbox

Our Privacy Policy Last Update: 9 May 2024 – Added information on GDPR Compliance, improved formatting/readability. Previous Update: 29 September 2021 – Added reference to “Strongbox Zero” This privacy policy governs your use of the software application Strongbox (“Application”), the Strongbox...

strongboxsafe.com

Privacy Policy | 1Password

Read 1Password's privacy policy to learn about the company's commitment to preserving the security of your data, your privacy, and your rights to your data.

1password.com

In my opinion, Strongbox is better because the sensitive data remains on your device and is not transmitted to the developer or stored on any company servers. The only time data would not stay on your device is if you chose to use iCloud or another supported cloud service. At that point, privacy is then between you and the respective cloud service.

Strongbox does not have access to your data at any time.

While data is encrypted with 1Password, the data is stored on servers in the EU, which I do not like. I also do not like that the data servers have to be serviced by authorized personnel from a third party, even though the data is (supposedly) encrypted.

"Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. In many cases (but we cannot promise that this will always be the case) even Service data held by these entities is encrypted with keys held only by us."

1Password only stores your information in the EU if your using 1Password.eu, and that’s to comply with EU data regulations. If you sign up at 1Password.com or .ca, the servers are in North America.

Also, when they say your data is held by a third-party, that’s because they use Amazon Web Services for their servers.

1Password in your region

1Password was designed with you in mind. You can choose where your data is hosted and which currency you pay in.

support.1password.com

Accounts on:	Billed in:	Secure data hosted in:	Service data restricted to:
1Password.com	?? USD	United States	1Password staff
1Password.ca	?? CAD	Canada	1Password staff in EU or Canada
1Password.eu	?? EUR	European Union	1Password staff in EU or Canada

mailbuoy · Jan 20, 2021

Apple_Robert said:
even though the data is (supposedly) encrypted.

Do you have any information to support the inference that the data is not encrypted while in 1Password control?

Apple_Robert · Jan 20, 2021

mailbuoy said:
Do you have any information to support the inference that the data is not encrypted while in 1Password control?

I put supposedly in parenthesis because I can’t personally confirm that it is or isn’t. There are many here who like to quibble over every single syllable so, I did that as a means to stop replies saying, how do you know it is etc. with your reply, that obviously didn’t work.

Madmic23 · Jan 20, 2021

mailbuoy said:
Do you have any information to support the inference that the data is not encrypted while in 1Password control?

Apple_Robert said:
I put supposedly in parenthesis because I can’t personally confirm that it is or isn’t. There are many here who like to quibble over every single syllable so, I did that as a means to stop replies saying, how do you know it is etc. with your reply, that obviously didn’t work.

1Password data is encrypted on your device by your master password, so yes, the data is encrypted when it's on the servers used by 1Password. Only your master password can unlock the data.

About the 1Password security model

1Password is secure by design. Learn how 1Password encrypts your data, protects your privacy, and safeguards your information.

support.1password.com

SigEp265 · Jan 20, 2021

I used to like Dashlane until they raised their subscription. I stick with legacy 1password -- no subscription.

Apple_Robert · Jan 23, 2021

Bitwarden just had an update and one of the new features is the ability to create an encrypted export of the vault. As far as I aware, 1Password does not offer that feature.

2021 · Jan 24, 2021

I've been subscribed to 1Password for a few years, it could be cheaper but I don't really mind. Their apps are great on all platforms, although after migrating to the new Air I wish they were quicker with an Apple Silicon version.

How do you like macOS apps of other services?

jon08 · Jan 25, 2021

One thing I currently dislike about Bitwarden (but it seems to be a "limitation" of Firefox, rather than Bitwarden's fault) is that the vault in Firefox extension won't lock on system sleep. It works in Chrome but not in Firefox allegedly because the latter won't allow access to certain API or something like that. Which is pretty much a deal breaker for me currently. 1P on the other hand will lock nicely when I put my Mac to sleep...

Folks at 1P were generous enough and offered me 1-yr free subscription for upgrading from 1P6 to 1P7, so I'll take that and hopefully a year from now something will have changed regarding the above shortcoming in Firefox.

gwenjanus · Jan 25, 2021

Haven't tried 1lastpass. But I've been using lastpass for 2years but need to change to keeper. Not sure though if you can download it on your mac.

1password vs lastpass

Cancelled

macrumors 6502

macrumors regular

Contributor

macrumors 68020

Cancelled

Contributor

Suspended

macrumors 68020

Suspended

Contributor

macrumors member

macrumors 6502a

macrumors 6502a

macrumors 65816

Contributor

macrumors 6502a

macrumors regular

Contributor

macrumors 6502a

macrumors 6502a

Contributor

macrumors member

macrumors 68000

macrumors newbie

Our Staff