How did you use 1password previously? Self hosted? Where was your password database?
You know, I never think to mention this as Iāve never liked password-pasting browser extensions. 1Password was awkward at copy and paste but thatās what I did. Strongbox has better buttons ā copy pw or copy pw and open URL. Nothing about trying to paste and auto-login, which is fine by me.
I used it as a stand alone app with all my passwords totally in my own vault and did sync to iOS devices only via my own wired or local wifi sync option. Passweords were never their cloud service. Itās not really self hosted in that there were several steps to sync things, especially trying to sync my other Mac computer but it did work. I can say that I managed to convert everything and Iām out from under them now.
1 Like
The only process that Iām aware of to attack properly implemented AES256 specifically (ignoring problems common across cryptographic systems) is a brute force attack on the key space. All of the computing power on Earth couldnāt go through half the key space in anything close to the estimated remaining life of the universe. Even not-yet-developed quantum computers wouldnāt change that significantly (though they would cause serious issues for current asymmetric cryptographic systems).
There are security implications for using cloud services, but the inherent integrity of AES isnāt currently one of them.
Opinion follows, but informed opinion based on my work in the field:
Purely from the perspective of keeping your secrets out of the hands of others, 1PWās cloud service should be by far the least of nearly anyoneās concern. People vastly overestimate the security of their own self-managed systems and endpoints, and even more vastly underestimate the threats to them.
You (anyone reading this) might be that one in a million expert who can and will manage their systems in a more secure manner than someone like 1PW, but Iāve been in the game long enough to strongly suspect that youāre probably not. I know that Iām not.
10 Likes
According to Gardner 85% of enterprises will have a cloud-first principle by 2025. And one of the top reasons is security. Companies and even large corporations do not have the ability to protect their data as well as the major cloud providers.
5 Likes
Iām not a 1 password hater and have used themā¦wellā¦since nearly day one of their release. As much as I also appreciate that in theory large company security will be better at securing data than the average Joe blogs, I would disagree in practice as people are involved and no system is free of bugs. My concern is with storing my most important and sensitive information on someone elseās server. Iāve grown up with the knowledge that online is not secure. I also think that the reputation of 1 Password, the fact that Apple employees are using it makes it a prime target. It also has a massive surface area of attack.
Having also been going through a similar process with encrypted email, it has highlighted that browser access to secure data introduces a major weak point. Companies could be forced by governments to build in a back door through a browser, plugins could compromise security as well as a myriad of other security challenges.
This leads me to a question. Do I actually need all my passwords and secure data in the cloud? No, not really. I would prefer a single vault stored on my mobile device (not icloud) and another copy on my mac hard drive. However poor I may be in security, an encrypted vault on my mobile deviceās hard drive, where the device is encrypted has to be a better option that any server online?
If anyone knows of such an option I would be most grateful if they could share it.
Robert Morris, a cryptographer & computer scientist, once said: The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.
I think most experts would say, āThat depends . . . ā
But, should you choose to turn yours on, maybe this would be useful.
6 Likes
I use Strongbox on my Mac and I simply drag the password file from my Documents folder to the Strongbox app on my phone when it is connected via USB cable. Could go the other direction, I suppose.
2 Likes
As someone who uses 1PW on macOS, iOS, iPadOS, and (sigh) Windows, I can say that the beta of v8 on Windows is much, much faster than v7. I also havenāt noticed any slow downs on macOS other than perhaps initial launch.
The Firefox and Chrome extensions (in Edge) donāt seem slow on either platform and Iāve had no issues with the Safari extension as yet.
3 Likes
This is an exceedingly long thread! Havenāt been on the MPU forum for a while, so Iāve spent a good portion of the last hour catching up on this discussion 
Iām not a 1PW user and never have been, so I canāt comment from that perspective. But I have some thoughts on the switch to Electron.
Like it or not, I think Electron, or something like it, is the future. Not because devs are lazy and want easy cross-development, but because the web is as close to an open platform as weāll get. If macOS or Windows eventually get disrupted by other OSes, web apps will continue to run. If there are weird differences in OS implementations of a feature, web apps will still run, as intended. Sure, this allows bad UI/UX, but it can also facilitate a consistently good UI/UX for all platforms.
We can all agree Electron can have significant downsides, but I think the move to it now bodes well for the future. As more and more companies move to it, they will want a nice user experience for their product, and devs will continue to improve Electron, or create other frameworks that use the same concept. I think people are hung up on the move to Electron because they think of it as a downward trend from native Mac apps. I think of the move to Electron as a shift to apps that are less performant now, but that will be more performant, and offer great UI/UX to all platforms in the long run. And a well-executed Electron app can still be a pleasure to use (thinking of Obsidian and VSCode here).
Anyways, this has been an interesting discussion to read. Apologies for the wall of text 
3 Likes
I agree.
I would say āWhenā macOS and Windows are disrupted - by the cloud.
I think Satya Nadella expects this to happen. And I donāt believe Appleās hiring of top cloud talent is just an attempt to get iCloud to sync reliably.
What wall? 
Honestly, I think that they already have been so disrupted, even if many of us havenāt completely noticed it yet 
2 Likes
Are we playing 20 questions? 
You may have read that ChromeOS recently passed macOS to become the second most popular OS. This doesnāt mean that it is better than macOS. But it does mean that many people can now use cloud services to do most or all of their work.
In 2018 I had a large number of old iMacs that would need to be replaced in the next 12 months. We were in the process of replacing our on premise email server and moving to G Suite. The users in this department needed a browser, email, a basic spreadsheet, and the ability to connect to an IBM midrange computer.
I tested a ChromeBox with a 21 in monitor and confirmed that we could use ChromeOS to replace all the Macs without the need for any training. The company chose to pass on the cost savings and continue with Apple.
Chrome OS passed macOS in terms of sales, not market share, right? And I believe that was in 2020, but I donāt rememberā¦
A business in my area has been specifically looking for a Chromebase. They ended up purchasing this one.
At my age the term recently can mean since Obama was elected.
1 Like
Iām using Strongbox talking to a KeePass filefor both, Works well for me.
1 Like
I just find myself wondering, other than education, what the use case is for ChromeOS - especially what might put it in a position to replace Windows or Mac.
It does less than Windows or Mac, doesnāt do anything Windows or Mac canāt do, and still generally requires decent hardware for doing any serious work since Chrome - the basis for all the apps - can be pretty intense in terms of resource usage if one is doing much more than checking Gmail and browsing a few tabs.
I can buy into the idea that āthe web is the futureā, and many of our apps will be web-based. But I donāt know that ChromeOS is going to be whatās going to get us there.