Password Managers for 2017

[macjunk(ie)]

My problem with the 1Password subscription, or any cloud password management, is that my data is stored on the company's servers. While I believe that AgileBits is competent enough to pull this off, I am not comfortable with it.

I agree, especially after the LastPass breach this month. It happened to LastPass, it can happen to anybody. And come to think of it, these password managers are basically walking around with a big bulls eye painted on their backs

Unfortunately, most password managers are gravitating to cloud storage and subscriptions. Not sure where that leaves the non-cloud people

 

[steve62388]

I agree, especially after the LastPass breach this month. It happened to LastPass, it can happen to anybody. And come to think of it, these password managers are basically walking around with a big bulls eye painted on their backs

Unfortunately, most password managers are gravitating to cloud storage and subscriptions. Not sure where that leaves the non-cloud people

Lastpass has been breached again? That will be the third time!

 

[AlliFlowers]

You won't spend the money for a subscription, fine. But how do you expect developers to put food on their family's table, or keep a roof over their heads - never mind updating their software.

Maybe you'd rather the old model where you just outright purchase a new version every year?

You won't always be able to keep using that original stand alone version, cause they break when you update the OS.

 

[macjunk(ie)]

Lastpass has been breached again? That will be the third time!

I got this from the 1Password thread somewhere here in the forums

 

[Primejimbo]

My problem with the 1Password subscription, or any cloud password management, is that my data is stored on the company's servers. While I believe that AgileBits is competent enough to pull this off, I am not comfortable with it.

I use the 1Password stand alone version, and will drop it if I am forced to move to the cloud. A while ago, I started a discussion about this, on the AgileBits forum and I was told that they would keep supporting it as long as there were customer to buy it. Having just visited their website, I now see that they are burying the standalone version - I couldn't even find it. This concerns me, and I fear the writing is on the wall.

Unless you use wifi or file transfer to sync, you're using someone else's cloud service. Of course the stand alone are buried, they aren't pushing it. Why would they? They have something new, it's easier to set up, has extra stuff, and it's more revenue for them. They said on the same forum, if people request the stand alone, they will help them. Why keep making something if it's not selling?

I was like you about having my data on someone else's servers. LastPass got hacked twice, and all the hacker got was blobs of data. I've been researching for a while and I'm comfortable with 1Password set up. I'm still reading all their stuff, they have a $100,000 bounty program, and they have audits by 3 party companies.

Here is a link for the stand alones:
https://agilebits.com/store

 

[JD2015]

Have used 1password for many years now and am a fan of the way your data is not stored on servers. If this changes will look else where as protecting my data in this day and age is very important. I for example, use Experian also to monitor my credit, email and any ID fraud/activity online. Unfortunately, as good as many online services are in protecting your data such as Apple, there is nothing impregnable, so it is just about putting up as many barriers to make it hard for someone to get your data. It is only when you have data of yours stolen or suffered ID fraud that you realise the benefit of strong password management software and online security. Password is my current preferred password manager but could see myself going over to Dashlane as heard so many good review of this and will check it out. I do like the way they can change your passwords automatically without the need for you having to go to each site and manually do it yourself. Not sure how secure that is though and how they can do this though.

 

[DCIFRTHS]

Unless you use wifi or file transfer to sync, you're using someone else's cloud service. Of course the stand alone are buried, they aren't pushing it. Why would they? They have something new, it's easier to set up, has extra stuff, and it's more revenue for them. They said on the same forum, if people request the stand alone, they will help them. Why keep making something if it's not selling?

I was like you about having my data on someone else's servers. LastPass got hacked twice, and all the hacker got was blobs of data. I've been researching for a while and I'm comfortable with 1Password set up. I'm still reading all their stuff, they have a $100,000 bounty program, and they have audits by 3 party companies.

Here is a link for the stand alones:
https://agilebits.com/store

Of course I use WiFi syncing I did a lot of research before switching to 1Password.

As I said, I believe that AgileBits is capable of doing cloud storage properly - it's not for me though.

Thanks for the link.

 

[AlliFlowers]

One of the things that originally drew me to DataVault - they don't have a server and never will. You can sync and backup to your choice of iCloud or Dropbox, or manually backup and restore amongst devices without using any cloud service.

 

[TonyK]

One of the things that originally drew me to DataVault - they don't have a server and never will. You can sync and backup to your choice of iCloud or Dropbox, or manually backup and restore amongst devices without using any cloud service.

Okay, now I'm looking at DataVault to see if it would be a good replacement to 1Password. Anyone else using DataVault?

 

[bradl]

I'm using the standalone version of 1Password, and works great for me. The other thing about it since I am (still for the time being) a systems administrator (and it is our job to be paranoid), I won't trust having something as critically sensitive as passwords or other PII data stored in the cloud anywhere. While it is great for ease of accessibility, one needs to weigh ease of use versus security. In this case, security wins out, regardless of how benign the password(s) in question may or may not be.

I got 1Password when it was on sale (I want to say I found it when CoM was offering a bundle) for less than half the cost of what it is now, back up the vault along with everything else on my Mac via Time Machine to a separate disk well as my Synology NAS at home, in addition a separate disk that I keep offsite (read: fireproof safe at a storage unit). If I need to have access to it remotely, I'll VPN into my home network and access my NAS that way.

DataVault sounds interesting. Anyone have a link to their site?

BL.

 

[Michael Scrip]

I don't like at all the subscription thing. 30-50$/year for password manager? Never! For now I have the 1Password stand alone app but if they go only subscription in the future I will just use the free Apple password manager.

So you want to pay once and then use their servers for the rest of your life?

Seems fair

Seriously though... I understand that people don't like the the idea of ongoing payments.

But you will be getting ongoing services... so...

 

[Primejimbo]

One of the things that originally drew me to DataVault - they don't have a server and never will. You can sync and backup to your choice of iCloud or Dropbox, or manually backup and restore amongst devices without using any cloud service.

Have they said they will never have a server? Also, it worries me that it hasn't been updated in over a year. Something I look when I buy an app, how often is it updated.

 

[AlliFlowers]

Have they said they will never have a server? Also, it worries me that it hasn't been updated in over a year. Something I look when I buy an app, how often is it updated.

View attachment 693898

I liked the APO so much I went to work for the company. I left them about a year ago, but still remain on good terms with the two remaining employees - the CEO and chief engineer. They don't want the trouble, responsibility, or liability that comes with a server. I've written about the CEO's views on updates in other threads. It had more to do with reviews than anything else. He likes doing an annual major update. Since there are only the two of them coding, it winds up being difficult doing regular minor updates if they don't see a really good reason for it.

 

[Primejimbo]

I liked the APO so much I went to work for the company. I left them about a year ago, but still remain on good terms with the two remaining employees - the CEO and chief engineer. They don't want the trouble, responsibility, or liability that comes with a server. I've written about the CEO's views on updates in other threads. It had more to do with reviews than anything else. He likes doing an annual major update. Since there are only the two of them coding, it winds up being difficult doing regular minor updates if they don't see a really good reason for it.

Still, people ideas change. Especially if new people come on board. As for the no updates in over a year (almost a year and a 1/2), it's hard to believe that an app has no bugs to fix in that time. In that year, 3 new iPhones came out and a major iOS update.

 

[AlliFlowers]

Still, people ideas change. Especially if new people come on board. As for the no updates in over a year (almost a year and a 1/2), it's hard to believe that an app has no bugs to fix in that time. In that year, 3 new iPhones came out and a major iOS update.

They have ask update in beta now if that makes you feel any better.

 

[steve62388]

Still, people ideas change. Especially if new people come on board. As for the no updates in over a year (almost a year and a 1/2), it's hard to believe that an app has no bugs to fix in that time. In that year, 3 new iPhones came out and a major iOS update.

If it's a two man band they must be relying on security through obscurity, the customer base must be comparatively small.

 

[steve62388]

Another day, another Lastpass vulnerability.

https://arstechnica.co.uk/security/...derscores-the-dark-side-of-password-managers/

 

[atmenterprises]

You won't spend the money for a subscription, fine. But how do you expect developers to put food on their family's table, or keep a roof over their heads

Innovation and diversification. Ford doesn't have one model of automobile. Samsung doesn't just make phones. Disney doesn't just have Mickey Mouse. The subscription model is almost becoming a tax on users for developers (or development companies) who are either greedy or unable to diversify.

 

[TonyK]

Innovation and diversification. Ford doesn't have one model of automobile. Samsung doesn't just make phones. Disney doesn't just have Mickey Mouse. The subscription model is almost becoming a tax on users for developers (or development companies) who are either greedy or unable to diversify.

My concern with the subscription model lies in how changes are pushed to the user. There are issues with Microsoft Word that have been present for many versions now and yet are not fixed. If your users are essentially connected to you for life, there is little incentive to fix things. Just roll out new features while not fixing old ones.

Storing such information like passwords and other personal and private information, on a server, a server that has all sorts of sensitive information for others, makes it a target for criminals. No site is 100% safe. There is no amount of money that could be paid to make up for a breach. It provides me more peace of mind to keep the data local.

 

[atmenterprises]

My concern with the subscription model lies in how changes are pushed to the user. There are issues with Microsoft Word that have been present for many versions now and yet are not fixed. If your users are essentially connected to you for life, there is little incentive to fix things. Just roll out new features while not fixing old ones.

Storing such information like passwords and other personal and private information, on a server, a server that has all sorts of sensitive information for others, makes it a target for criminals. No site is 100% safe. There is no amount of money that could be paid to make up for a breach. It provides me more peace of mind to keep the data local.

Completely agree!
[doublepost=1490824271][/doublepost]

So you want to pay once and then use their servers for the rest of your life?

Seems fair

Seriously though... I understand that people don't like the the idea of ongoing payments.

But you will be getting ongoing services... so...

There's no requirement to use their servers if you sync to Dropbox or iCloud. So why do we need to be billed monthly?

 

[Michael Scrip]

There's no requirement to use their servers if you sync to Dropbox or iCloud. So why do we need to be billed monthly?

I was speaking broadly of subscription services in general.

With LastPass you DO use their servers... but other password services do not.

So yeah... if you're not using their equipment... maybe you don't need to pay monthly for their services.

Or do you? You ARE getting something from the developers. It's a service. And they have chosen to go down the subscription route.

My original point was... even if you want to pay once... the developers are continually working on the product forever. Shouldn't they be getting paid somehow?

Maybe I should have used the word "service" instead of "server"

I know people hate all these monthly fees... $5/mo for this, $10/mo for that... but this is the world we live in now.

 

[atmenterprises]

I know people hate all these monthly fees... $5/mo for this, $10/mo for that... but this is the world we live in now.

The race to the bottom in terms of pricing has been another issue. I bought Audio Hijack for probably less than $30. Bought some backup program for $30-40 dollars. Maybe if developers collectively raised their prices where developers could earn a living without the subscription model we'd all be better off. But someone somewhere along the line decided that anything over 99 cents was a lot of money to spend on a smartphone app. It's a shame.

I won't participate in a software subscription model.

 

[steve62388]

The race to the bottom in terms of pricing has been another issue. I bought Audio Hijack for probably less than $30. Bought some backup program for $30-40 dollars. Maybe if developers collectively raised their prices where developers could earn a living without the subscription model we'd all be better off. But someone somewhere along the line decided that anything over 99 cents was a lot of money to spend on a smartphone app. It's a shame.

I won't participate in a software subscription model.

That's a bizarre stance. You say developers should be able to earn a living, but when they determine the best chance of doing so is a subscription model you won't support it. Come down on one side of the fence or the other, but don't sit on it.

 

[atmenterprises]

That's a bizarre stance. You say developers should be able to earn a living, but when they determine the best chance of doing so is a subscription model you won't support it. Come down on one side of the fence or the other, but don't sit on it.

No, if you read it again I say that developers should be able to earn a living but through appropriately-priced apps that can support them, not a subscription model.

 

[TonyK]

I was speaking broadly of subscription services in general.

With LastPass you DO use their servers... but other password services do not.

So yeah... if you're not using their equipment... maybe you don't need to pay monthly for their services.

Or do you? You ARE getting something from the developers. It's a service. And they have chosen to go down the subscription route.

My original point was... even if you want to pay once... the developers are continually working on the product forever. Shouldn't they be getting paid somehow?

Maybe I should have used the word "service" instead of "server"

I know people hate all these monthly fees... $5/mo for this, $10/mo for that... but this is the world we live in now.

The customer can be nickled and dimed to death if the customer isn't careful. Also, that is what paid upgrades do but the upgrades have to provide a compelling reason for the user to partake.

To go for the "service not server" phrase above, they are selling a product. I realize the in-thing now is "license" but I'm old enough to remember that wasn't the case and there was even case law for that.

Regardless though, people want to feel like they are getting value for their money. Make the subscription amount too high and have few people joining. Make it too low and lose revenue. Same holds true for outright purchases. If I spend $40 for a password manager I do not want to be hit up again in a short period of time for another $15 or $20 for updates.

Writing software and selling it is tricky. BTTT (been there, tried that) and didn't work. Shareware didn't work. Adware sometimes works.

Still, as a personal matter, I don't do subscription services if I don't have to. Took me decades to sign up for cable and there are times I want to cancel because most of what is on is junk. GoT and some other shows make it worth the price for very short periods of time.

Guess what I'm trying to say is so far no one has shown the benefit of moving to a subscription service instead of outright purchasing the software.