I guess I’m the outlier in being very happy with 1Password and fine with paying for the subscription service. Not only is 1Password the best password manager I’ve used, but it makes it seamless to share stuff with my wife. I don’t care if 8 is an Electron app either, considering I usually interact with it via the browser anyway with their extension. (Also I know that the majority of what they wrote for it is Rust and fast, and I generally trust the engineers to do a good job since they’ve done a good job with it in the past) Also they make a CLI tool for accessing passwords allowing you to integrate password management there: https://1password.com/downloads/command-line/
I come at it from a slightly different angle. I got in when it was syncing via Dropbox and iCloud, and it worked perfectly fine.
The switch to a subscription service is a forced downgrade for me; it's putting functionality I already have behind a subscription.
This is particularly an issue since the old versions (versions I paid for, mind you) are slowly going away (typically as a recompilation and submission is required to keep them available on iOS devices).
This is the reason I bought my first license of 1Password many years ago. I thought the trust model of one vendor supplying the password manager but not the storage (I was using DropBox sync too at the time) was a great way to ensure that my data is safe.
Same story for me. I switched to the KeePassXC ecosystem eventually as a result — it's open source, has compatible clients for just about everything, and has one-click import for 1Password vaults.
I've been using KeePass (KeePassXC and similar) for years. macOS, Windows and Android. I've also had 1Password for a shared business vault for years as well.
I much prefer KeePassXC. I find KeepassXC substantially easier to use than 1Password on macOS. I strongly dislike 1Password's UX. It feels very cumbersome to use.
I have a shared family KeePass database as well. Works great.
I'm somewhere in between. I also paid for a non subscription version and I also feel like I was forced to upgrade to the subscription. Sadly switching password managers, especially if you share with a family, is really painful.
We now pay the subscription, a tad begrudgingly, but I have to admit 1Password overall does a great job.
I have done this, and it was horrible… for example I was missing all attachments (no notification or error messages). Also the fields are not properly converted 1:1.
All in all, it was a big mess. This was about a year ago.
Funny story: I migrated from lastpass to bitwarden a couple years back. I expected a big mess. Instead, the import was better than perfect: a bunch of accounts that wouldn't autofill in lastpass magically started to autofill after being imported into bitwarden.
I think it might be the only "better than perfect" import story I've ever experienced, and I can't rightly expect it to happen again, but it happened once and that's something.
This is the exact experience I had. I was moving from Lastpass after they sold out. I used the migration as a point in time to clean up my vault and have enjoyed a completely clean password manager ever since. Bitwarden has slowly been adding the features I wanted when I had left Lastpass - and at this point it just works for my workflow.
While I understand subscriptions can add value, I don't understand the forced model. Clearly 1Password has a subset of customers that don't want what they're forcing on customers. Maybe it's that they're positioning to sell the company and moving to 100% subscription boosts the bottom line valuation. But in the majority of cases the customer is not always delighted by this move. Sales organizations love to claim "it's what the customer wants", "it's more affordable", among other half-truths - when the reality is it's a much more consistent revenue stream that disconnects customers voting with dollars from continual enhancement of the product such that the customer is incented to upgrade.
Bitwarden's model is consumer friendly. I really appreciate being able to self-host a fully functional vault, even if I don't exercise that option. I feel confident that they won't hold my data hostage. $10/year is a great deal. +1 for bitwarden.
You... just saved me many hours. My 2021 goal is to migrate from 1Password to Bitwarden. I’ve been putting it off as I still have half a year of my subscription. But that does make it easier.
I got Windows going on a throwaway VM and installed the 1P client. Took 30 mins to an hour but surely a better option than recreating your vault by hand
It’s not a complete import, you’ll get usernames and passwords but if you’ve done anything else with it (like say attaching software license files, scans of important documents, etc) they’ll be silently dropped.
Most record types (software license, wireless router, documents, drivers licenses, email accounts, membership, passports, maybe more) don’t exist in Bitwarden. I’m not sure what happens with all of those, maybe transformed into secure note, but again with all of the attachments removed. The lack of categories is also a nuisance for organization, you can create folders but have to manage it manually.
I’m still glad I switched, having bought 1Password on a bunch of platforms and a bunch of paid upgrades before it turned into a subscription. It probably would have been less money if it had been a subscription from the start with all the times I bought it. Maybe it’s irrational, I just don’t like being so dependent on a subscription service, and having a local network sync between my devices was just fine. Same reason Lightroom can pound sand with their $120/year licensing, I’m not going to keep my photo library in something that I just have to keep paying for the rest of my life.
Bitwarden is good enough for me, with 1Password as a subscription you can look at it and realize “this is going to be $36/year forever.” If I spent any time in it, might be worth the expense. I’ve bought a lot of software and I don’t mind paying for good software. But I’ve moved the things that were attachments to an encrypted disk image, and 99% of my password manager interaction is via auto fill so I don’t actually care how polished the UI is.
Family sharing would be a more compelling reason to stick with it if you’re using that.
> It’s not a complete import, you’ll get usernames and passwords but if you’ve done anything else with it (like say attaching software license files, scans of important documents, etc) they’ll be silently dropped.
It's not quite a silent dropping -- 1Password warns you with a popup during the export that it doesn't include them in the export file. BitWarden won't warn you, but in its defense the files aren't even present for it to skip...
Before I started using 1Password I did use the secure disk image method for storing what I now store in 1Password. But it's only a few things, really, and in every case it's just to have quicker access to something normally stored in a file cabinet so I don't have to dig into the files.
It's not going away any time soon, the app is still available for MacOS and the browser extensions work just fine. Eventually they will stop supporting them but that'll just mean at some point in the future a MacOS/firefox/chrome update will break the existing app and they won't fix it. That might be 2 months from now or it might be 2+ years.
Sure, if you longer have a way to use an older version of MacOS. Not a good idea to leave your sole copy on a machine you don't have full control over.
I'm perfectly happy with paying a subscription, and think $4.99/month for 5 people is affordable.
What I'm not happy with is the possibility of password access being limited or sync breaking if 1Password servers go down. At least with Dropbox (iCloud, wifi) sync, I have full control over the local vault file.
Ultimately, it might be mostly about ownership and choice for me.
I’m glad you find it affordable but these nickle and dime things add up. Especially when the product fits into $0 software so $4.99 is infinitely higher than $0.
I feel like these small, “affordable,” services are just whittling away the Unix philosophy of do one small thing well. Layering on unnecessary crap just to charge a fee eventually comes home to roost.
Also, passwords is a lifetime need. So 80 years x 12 months = $4,790.4 and that seems like a cost that should be reduced out of one’s lifetime.
Do I want to go to Tahiti once in my life, or pay for password convenience?
Again, glad you’re happy but I don’t want to live in a world where I pay $5/month for commercials versions that crowd out what should be community, OSS tools. I love curl and it’s awesome, but don’t want to pay $5/month/forever.
We forget that taxes are inefficient and should be minimized where possible. A login tax for all eternity sucks.
Let's Encrypt SSL/TLS certificates are free, as is Apache/Nginx/Caddy to reverse proxy Nextcloud or any other solution (if a web based interface is needed). You might also need something like ngrok ( https://ngrok.com/ ) for publically accessing the instance if you're behind NAT and are hosting it on a homelab, or alternatively just put it on one of the VPSes that you're using, if you have any.
Personally i'm using a similar setup (a WireGuard VPN tunnel or two in there as well) on my pre-existing VPSes, so the effective costs are 0$ for me. And the file based approach is actually superior to any (possibly) dubious browser plugins in my eyes.
This reads like that notorious HN comment about it being trivially easy to roll your own Dropbox. Our time has value. Good UI has value. How much time is saved by just using a service like 1Password versus the design, setup, maintenance, and ongoing use of a system like you suggest with all those individual pieces?
I was just thinking the exact same thing. For technical and especially non-technical folk, getting a full nextcloud host set up and working is going to take significantly more time than a simple login into 1Password, where it just works.
Box.net supports webdav if that's what you want. I'm not aware of any other big name cloud storage providers that offer support for standard protocols. It's available for free accounts, too. This does mean the files aren't encrypted, however if your vault is encrypted that may not matter to you.
Except, you didn't need to roll your own. 1PW used to support Dropbox - it's how I still use it.
And specifically you only need the DB free tier to store a 1PW vault, so the only cost was paying for the 1PW client (which I am more than happy to pay for on major version updates, as long as it is not a subscription).
1PW removed functionality that existed, with goal (or at the very least the effect) of locking users into their own cloud platform with a new monthly bill.
For a moment I felt that perhaps I should add clarification about how I'm not trying to dismiss the cloud solutions (as in the notorious Dropbox comment), but instead am attempting to provide one of the many libre setups to answer the parent question, but in the end didn't get around to it.
My time probably isn't as valuable as that of the many people here (about 5x less earnings on average in Latvia when compared to places like US), therefore it definitely makes sense for me to upskill myself in any way possible, especially if I get usable software out of it.
But if you take the container based approach, there is almost no administration to be done:
First, install Docker: https://docs.docker.com/engine/install/ubuntu/#installation-methods (about 10 minutes, varies by distro)
Personally, i use Docker Swarm, but that's just a few more init commands and Docker Compose works as well: https://docs.docker.com/compose/install/ (about 5 minutes)
Then, set up something like Caddy for a reverse proxy: https://hub.docker.com/_/caddy (probably 20 minutes)
And then, set up Nextcloud: https://hub.docker.com/_/nextcloud (probably 20 minutes)
Lastly, install KeePass from the previously mentioned links and put the password DB in the synced folder (probably 10 minutes)
Ngrok, DNS challenges etc. might be necessary depending on the setup, but are not usually required for most regular VPSes.
Backups and updates should also be taken care of, but full VPS backups are mostly standard and you can just bump the container tag every month.
As for the UI, i agree in principle, but not in this case. KeePass has good UI and I'd argue that you don't need a team of UI and UX developers to keep track of some usernames and passwords (and maybe certificate files).
Furthermore, I'd argue that most of the cloud offerings are actually problematic because not all of them let you download the data as files. In contrast, KeePass works with files (much like SQLite) and therefore, if you'd prefer to use SD cards or Samba or NFS or whatever instead of VPSes to somewhat decrease the attack surface, or simply use tools that you know, then you can do that. Want Syncthing instead of Nextcloud? Go ahead!
I'm putting emphasis on this because the line of thinking that we need web SaaS platforms for everything is dangerous - it makes you think that the problem is more complicated than it actually is. Whereas in reality some people probably get away with using password protected spreadsheets (don't do this). The problem is complicated only from a security perspective. That's it.
The cloud solutions excel at convenience and things like browser plugins and it's good that they're offering options for the less technically inclined folk, but they're far from the only option.
I know exactly how to do it, I've tried out what has been described above.
I've got a lab for stuff I want to tinker with, but a password manager is seen as an "essential service" to me like e-mail and music. I'd much prefer to pay a bit per month and have a team of professionals deal with it if the servers go down.
If at the end of the day my home server breaks and I want to get on and watch Amazon Prime/Netflix/whatever I still can with a hosted password manager. I value my time and sanity a lot more than £2 a month.
That's a fair point! But depending on your setup, it's also possible to replicate the password database file to every single device of yours on the network.
Currently doing just that, if any of my servers go down, i can still access all of my passwords on my desktop, on my laptop, on my tablet, on my phone or on my backup servers. Of course, provided that i have KeePass or a mobile app installed and know the master password.
Oh and I do manual backups to SD cards just to be sure every month. I'm not sure how I'd do that with a cloud service where in a sense their entire company (and my network connection to it) is a single point of failure. If my internet connection goes down, how would I log in to my selfhosted software in my homelab over LAN, without being able to access the passwords?
> so getting to know how to do things by yourself is a waste of time?
Potentially. Are you looking to make a prototype, or are you trying to go to prod with mission critical data?
Most people here could trivially roll a prototype grade password manager in pretty limited time. Getting something hardened and reliable is a different story.
Recently set up something similar. DNS entry that resolves to a local ip, swag + letsencrypt reverse proxying to Nextcloud, all setup as containers and accessible anywhere over WireGuard. I'm pretty happy with it.
It does seem like an interesting and useful project, though there are also other more popular alternatives like Caddy: https://caddyserver.com/ (even though their V2 not being backwards compatible was a tad annoying)
Apart from that, just wanted to say that WireGuard is absolutely lovely! Pretty simple to set up, works well and uses way less resources than something like OpenVPN.
The real question here is how much time it takes to setup this experience and how much time it takes to maintain. You could argue that the true cost is the labor cost of implementation and maintenance at your current pay rate.
Why not? I had this setup for years before switching to bitwarden_rs.
You have apps on every device to access your password database and do autofill. I stored everything in KeePass, recovery keys, TOTP seeds, sensitive documents and notes. I get the password sharing thing for families but for a single user they have the same featureset. The only thing missing is browser access but even though I now have browser access to Bitwarden I think I’ve used it like twice. I think I used Keyweb maybe once.
It's not the same thing because the whole argument being made is in the context of 1Password and its target audience: normal users. That's your mum and dad and other very likely non-techie people.
That comparison would be $2.99 for 1Password. It is the family plan that costs $4.99, and Bitwarden's family plan is not $0. It also assumes you don't want the features in the paid version of Bitwarden, so it's not an apples-to-apples comparison. 1Password doesn't offer a free reduced-feature version, true.
I think about sustainability quite a bit and if everyone who needs password management spends what you’re comfortable spending, that’s a waste I think. And when tech stops making things cheaper and faster it’s a bit sad.
> We forget that taxes are inefficient and should be minimized where possible. A login tax for all eternity sucks.
Yes, but like in many other cases, an efficient market would mean that they will always need to be better in most aspects than whatever free, open source, or simply lower cost competitor pops up.
Unless they decide to prevent people from exporting their passwords, of course — and that's a big enough dealbreaker for me that I'd move away anyway, not caring how fancy or advanced the rest of their UX is.
If the servers go down you'll never lose access to anything. You would lose sync while the servers were down but you would be able to access everything you already had on every device.
This makes losing local vault support an even bigger cause for alarm:
> After you remove a family member’s account, they can’t sign in to 1Password, which means:
> They lose all the items in their Private vault. Because the items weren’t shared with any other family members, no one will be able to access them.
Imagine: the access credentials of the administrator gets compromised, and the entire's family's digital life, stored on 1Password, gets wiped by the malicious actor.
The attack surface would be limited if instead, the removed user's license turns into a read-only one, like how 1Password currently deals with people using local vaults, and are not on a subscription.
Affordability is a mirage- $5 per month and $60 per year wont break a bank but its a huge amount to justify other geographies where money transactions are NOT in $$
I'd vastly prefer to be able to do 'bring your own storage' but for that price I don't really see a problem with that being a "you can do that, but you pay the same subscription price anyway" feature.
When you have a 1Password.com subscription, you are not "working in the cloud" like with Google Docs or something.
Your vault is local, and synced to/from the cloud.
Basically just like Dropbox. If your internet is down and you cannot reach Dropbox, all files synced to your computer are still there, on your computer. It's just that any changes you make locally or changes made on dropbox.com cannot be synced until your connection is back.
What I have zero interest in is increasing my attack surface solely for their bottom line.
I'm also increasingly uncomfortable with the company handling my passwords engaging in the sort of spin and dark patters we've seen from AgileBits in the past few years.
Agreed. In the end 1Password has always been a subscription, just you paid "one-time" upgrades every two years to stay up-to-date with the latest version.
However the differential factor of 1Password, which was that it _didn't_ provide the storage if you didn't want it, has now gone away. Precisely why I chose 1Password when I started using it. I don't see the difference between this and any other password manager now.
There might be security or technical reasons for removing this option, but looking at how hard they've been trying to get me into a subscription during the last couple of years I just think we're on a bad case of subscription-all-the-things here.
I think bitwarden is much less cringey as a corporation if you're looking for an alternative. I use it and pay an annual subscription and have no issues. You can even self host if you get fed up with pay for a suscription or their free service.
I'm curious about how you see the attack surface increasing when using 1Password. My knowledge of how it works is that it always stores your passwords in an encrypted blob that can only be decrypted with a combination of username, "master password", and vault password. So no matter if it's in Dropbox, 1Password's servers, or your own hard drive, if anyone obtains a copy of the password file they still have to crack it before they gain access to anything.
Also I see your reply has been downvoted enough to become grey. (EDIT: Looks like between starting writing this and submitting it, you're no longer in the gray from downvotes!) I imagine it's because you made a blanket claim about spin and dark patterns without any supporting evidence. I'd be curious to know what you're referring to since I don't really keep an eagle eye on this stuff, I just use their product.
The one thing I do remember in the vein of "dark patterns" is how they effectively hid the method of doing a one-time payment for 1Password where you have to manage syncing and backing up the password file yourself. Seeing as I have no reason currently to do anything but make a charitable read of that situation which has been decried more than once on HN, I'd be willing to bet they did so for the following reason: They have had many problems in the past where a customer has lost a password file because they were not a power user and did something such as keep it on one hard drive in their only computer. (reinstalled windows, hard drive died, etc.) So they wanted to make something that would prevent that from happening for the vast majority of their customers that don't really understand stuff like backups, or don't have Dropbox, or who aren't part of Apple's ecosystem and have iCloud, etc. so that their passwords will remain safe and secure. So they made their own sync service and hid the version that would do local-only files so that only the dedicated users who really want to do that would find it and use it.
OR alternatively they're a bunch of greedy people that just want to hoover up dollars from our wallets, as people love to accuse them of here. Maybe a little of column A and column B, honestly. Something something needing to ensure they have a company that stays in the black without wanting to absolutely bloat up their own software so it becomes another useless Enterprise(TM) application with each passing paid version.
Also the only affiliation I have with 1Password is I have a friend I recently learned works for them, otherwise I'm just a customer. I just got into one of my little ADHD focuses where I really wanted to reply with something long and detailed, so please don't assume I work for them or something and am defending them because of that :)
> I'm curious about how you see the attack surface increasing when using 1Password. My knowledge of how it works is that it always stores your passwords in an encrypted blob that can only be decrypted with a combination of username, "master password", and vault password. So no matter if it's in Dropbox, 1Password's servers, or your own hard drive, if anyone obtains a copy of the password file they still have to crack it before they gain access to anything.
_If_ they obtain a copy of my password file.
"My email is nucleardog@nucleardog.example, my password is abcdef12345."
If I'm using 1Password's cloud service I'm... screwed? You now have literally my entire digital life.
If I'm syncing anywhere else, you've got a much bigger task ahead of you. First you have to _find_ where my vault is stored, then you need to gain access to it.
There's an extra layer of security to the way I want to do this. An extra factor of authentication. I don't want the only thing between you and my entire life to be one set of credentials.
> So no matter if it's in Dropbox, 1Password's servers, or your own hard drive, if anyone obtains a copy of the password file they still have to crack it before they gain access to anything.
When I keep it on an airgapped machine that's a lot harder than when it sits on 1password's internet facing servers.
> I'm curious about how you see the attack surface increasing when using 1Password.
Someone above outlined it nicely: If you let 1Password take care of encrypting the vault, and iCloud (for example) of storing the vault securely, then a malicious actor would have to compromise both products to get your secrets.
> So no matter if it's in Dropbox, 1Password's servers, or your own hard drive, if anyone obtains a copy of the password file they still have to crack it before they gain access to anything.
Except that they control the client that I'm entering the master password into. So either the password is sent to their servers anyway or a malicious actor could simply update the client to do so.
You're of course free to use whatever software you want or do whatever you want. But I think assuming that you're going to see a malicious actor updating your password manager to steal all your data shouldn't be too high on your list of things that you think will realistically happen. I'm not saying it's impossible, just one of the least likely things to happen.
But you can take your device off the network when running the password manager to ensure it isn't able to do that, for example. (Or more realistically, you can watch with something like Little Snitch or WireShark to ensure it isn't happening.) That's something you can't do when the password manager requires the network to do its main function.
It's absolutely incredible to me that people ignore one of the biggest sides of the argument for pre-baked, user friendly products like 1Password: usability for as many people as possible.
You're trusting the client whether or not it can talk on the network. A malicious update that starts generating predictable passwords for websites doesn't need a network connection.
I've been using 1Password for 3 years now. Been paying $35/year and I'm with you on this one. I really like their service. The integrations are great. I rarely use their Mac app. I use my Apple Watch to unlock 1Password in my browser. That for me, is a game changer. It's such a seamless experience. I'm a happy customer and I love the service.
1. Open 1Password Mac app
2. Go to Preferences > Security > Apple Watch (there's also option to enable Touch ID) and enable it
Make sure you have your browser 1Password plugin updated to the latest version.
When you click on the locked 1Password icon in the browser, you get the "Double click to approve" alert on your Apple Watch. You double click the side button on your watch and 1Password in your browser is now unlocked. This also works the same way with Touch ID. Hope that helps. Cheers.
Same. I share my passwords with my wife and sync them across devices. I also have a license for an older standalone app. I don’t feel cheated. I wanted to be able to share some passwords with other people.
I saw something mentioned about self-hosted vaults. That is something I might consider for my family.
I advocated for the use of 1pass at work precisely because we can share strong passwords with the team. Otherwise, people would just use the same, well-known weak passwords for everything, including business critical ones like domain registrar or Gsuite admin or the root AWS account.
I am not as happy about having another Electron app running on my local box. I hope they spent time locking things down. On the other hand, if it means my wife (on Windows) gets feature parity with my macOS client, that would be good. Even better if the Linux desktop gets feature parity and no longer have to rely on the web or browser plugin.
It saves me so much time compared to how I used to have to do it — pull out phone, unlock, open Authy, wait forever for it to load, type in code, put phone away…
It’s the little things that all add up. I’m very happy with 1Password — been using it for 10 years, and happy to subscribe, considering it’s probably my most-used utility app.
I am cognizant of this risk, and assume it, because security is always a spectrum between Secure and Convenient. If I had to pull out my phone every time I wanted to use 2FA, I for sure would not be so liberal to turn it on for all the "low value" properties the way I do now
I have never even _heard_ of someone having their 1P master password compromised and the vault(s) exfiltrated (although I grant you it could be just because the NSA doesn't write blog posts about their pwn2own victories)
It's my recollection AgileBits is also running (that is: currently) a CTF with a publicly exposed vault, so folks can test the resilience against attack for themselves
> I am cognizant of this risk, and assume it, because security is always a spectrum between Secure and Convenient.
Absolutely. But also, in such setup, the security benefit of 2FA/OTP codes are negligible at best since there are no conditions under which only one factor could be compromised without also having the other factor leaked (assuming you're using unique passwords for each identity, which is the entire point of a password manager).
However, I suppose it could be used for bypassing the inconvenience of mandated 2FA scenarios (to the dismay of your company's security team).
> there are no conditions under which only one factor could be compromised without also having the other factor leaked
Man in the middle attack,
Phishing attack,
Over the shoulder attack,
Brute force attack,
Keylogger,
Http (not https) traffic sniffing,
'Breech' of the site and realisation they host their passwords in clear text on an unsecured db online.
Then there is human error; typing password into wrong site, giving your password to the tech support cold caller, telling someone your supersecret password ...
> Man in the middle attack
> Http (not https) traffic sniffing
If you can see the password, you can also see the time-based OTP, and you can use those to gain access.
> Phishing attack
> Over the shoulder attack
If you can convince someone to provide you their password, it's highly likely you'll also be able to convince them to also provide you their time-based OTP.
> Brute force attack
A successful brute-force attack on the vault (unlikely) means you've lost both your password and your OTP secret. A sucessful brute-force attack against a remote account using a safe password (re: password managers) is very unlikely!
> 'Breech' of the site and realisation they host their passwords in clear text on an unsecured db online
The password and the OTP secret themselves have no value (given that you're using unique passwords for each account). If the attacker has breached the service back-end then it's gameover anyways, regardless of 2FA for user accounts.
> But also, in such setup, the security benefit of 2FA/OTP codes are negligible at best since there are no conditions under which only one factor could be compromised without also having the other factor leaked (assuming you're using unique passwords for each identity, which is the entire point of a password manager).
Phishing and good ole fashioned human error are two methods by which a password can be leaked without exposing the 2FA token.
I previously thought that we were just having a difference of risk tolerance, but if you think some rando can _phish_ a TOTP secret, we are not even in the same universe of risk mitigation
> Hello, dear sir, this is the USA IRS and we are going to send the FBI because your TOTP code is expired and are going to put you in jail if you don... hello? hello?!
For passive phishing (e.g. setting up an identical website to the real one) stealing a valid TOTP token is trivial and such campaigns have already been spotted in the wild [1]
> if you think some rando can _phish_ a TOTP secret
Given the context this discussion is about (someone with a 1Password vault, storing unique passwords and TOTP secrets for each account they have) do you see any scenario in which a user gets his password stolen but not the token (or the OTP secret seed altogether)?
> Hello, dear sir, this is the USA IRS
If an attacker via a phone call is able to get the victim to (a) unlock their 1Password vault, (b) spell out their password for account X, what makes you think they couldn't get them to also (c) open their 2FA app and spell out their TOTP token?
> I previously thought that we were just having a difference of risk tolerance
The point I was making is that there are no security advantages to setting up a time-based OTP as a second factor for authentication if the secret seed is going to be stored in the same vault where the passwords are: might as well just forego this TOTP setup altogether and save the extra hassle. Or get a hardware second-factor (TPM, Google Titan, Yubikey, ...)
If my password vault is compromised it's game over anyway. There's enough access in there to remove the 2FA on all of my accounts even if you didn't have the codes. There's no way I'm giving up breakglass access and risking locking myself out of my accounts permanently or while I'm on road if I lose my phone.
The point of using 2FA for me is to protect me against my password being compromised since it's a long_lived access key.
I believe there's barely no benefit to setting up a TOTP 2FA for those accounts if you're going to store the backup codes/token seed along with the password in the same vault.
> If my password vault is compromised it's game over anyway.
There are ways you could make a vault compromise not mean a complete/irreversible takeover, but that would either give up breakglass access as you say or add complexity and reduce availability.
> The point of using 2FA for me is to protect me against my password being compromised since it's a long_lived access key.
In which situations on your setup would a unique password compromise not imply there's also been a TOTP token/seed compromise?
I'll be an outlier with you. I install the app where every I am, authenticate, and BAM, I have my passwords. So easy even a caveman could do it. I've been a happy subscriber for years.
I'm with you. It's seemless, it works (on everyplatform) and it's easy to use.
At the end of the day if you want a password vault that is sync'd across devices, you're trusting someone...somewhere. Be that 1password, dropbox, or even that Linode you manually rsync your data to. You've got to decide what is the biggest risk for your own personal use cases.
For me, I'd rather store my sensitive data with a company that has demonstrated a repeated push to keep my data as secure as possible, even from itself. It's their core business, all they focus on.
I think removing the self-managed data store feature makes sense even if not everyone likes it. It removes a source of architectural complexity, and most users aren't looking for local storage anyway.
Personally, the problem of managing reliable persistence of my password database just isn't something I want to spend time on, and the incremental difference in security posture is uninteresting to me given that it's encrypted at rest anyway. In terms of waking hours spent worrying about the security of my household IT, the security and persistence of sensitive documents (mainly vs. ransomware) is a bigger problem and I like that my passwords aren't tied up in that mess.
I agree, I switched about a year or two ago to subscription and I'm quite happy with it. There are some apps/platforms that I believe /should/ be subscriptions and my password manager is absolutely one of those. 1Password has continually added new/better features year after year and the price is tiny compared to the value I get (and then subsequently provide to people in my 'family'). The UI is the best I've seen in a password manager and while design doesn't necessarily affect the ability for a PW manager to do it's core job, I prefer looking at pretty apps. Almost every time I use 1Password I leave with a smile/good-feeling.
Agreed - software like this doesn't exist in a vacuum of frozen dependencies (at least not until Urbit takes over). Subscription models make sense for stuff that requires updates over time to keep it working. Their stuff is reasonably priced and the product has been really good for years (imo).
I suppose they could do something like JetBrains where you get updates while subscribed, but realistically login breaks for users would be a mess to support and a standalone text editor is a different service.
This move makes sense to me given their market. Those that want to run a vault can use an alternative that's more of a hassle to deal with.
100% same. I've been a happy subscriber for years now, and recently switched to the Family plan to try and get my parents to start taking security a bit more seriously.
I agree with all of your points - I'm okay with their sub model, I'm okay with Electron and it's the first time I was able to convince family members to use a password manager (because it works so well)
I think the issue people have is YetAnotherCompany:tm: forcing you into their subscription walled garden.
And also from a user security standpoint, i don't think we can keep going on making enhancements to user security good practice habits if we gate keep good password habits behind paywalls.
