Could you be more specific? The only issue I've heard about was that in an old format you could see which sites had saved passwords. That's more of a privacy issue than a security leak.
On second glance it looks like you're right, I mis-recalled, they had a problem with the old DB format that's about as bad as LastPass has now. KDF they're using isn't the best, on par with LastPass and it looks like they're using authenticated encryption and everything... so overall, not so bad.
It's another magical proprietary solution though so I can't help but feel like switching from LastPass to 1Password wouldn't be worth the hassle. I'm looking for something more in the open source and dead simple direction.
What I like about 1Password is they are proactive and explain their crypto process extensively. They're also small, in Canada and 1Password is their only product, so the conflict of interest risk is lower.
There are scripts out there that will take your LastPass dump and convert it into a 1Password import file. The process to convert over takes about 30m-1hr.