Password Managers revisited (tired of 1Password issues)

+1 Bitwarden. However, I use them to store on the cloud but it works well, and between Apple and Microsoft, that is a plus for me.

2 Likes

ResilioSync leverages torrents, so be sure to set the settings correctly to keep your data within your LAN.

1 Like

I use Last Pass on my Macs with no issues. I can’t remember off hand what I pay for it. Used to be 12$ not sure if it went up this year. I have found it very good now, though it has improved a lot since I first loaded it. I know One Password is overwhelmingly popular among power users and I take anything recommended by @MacSparky seriously. I never tried One Password though as I was quite happy with Last Pass and though it is my wont I didn’t experiment.

Keepass would be my go to for password management if I didn’t want to use the cloud. You’d have to use a compatible app mind, as Keepass itself doesn’t run on Mac, but KeepassX does (and quite well - I used this without issue). I also see that there is another Mac option now, MacPass.

From memory, it can do merge internally. It’s not full sync, but you can import merge two files together i.e. over the network, or use the USB version as the “true source”. I think it even has WebDAV support, but it’s been a while since I used it.

I see Resilo Sync mentioned. I bought this years ago, when it was first released and I’ve been using it happily ever since. Have it on my Mac, Windows machine, my Synology NAS and MacBook and it syncs between all of them without issues.

This is absolutely true, but I thought @OogieM was syncing in one direction only. Was I mistaken?

No I mean true multipath sync (multiple macs to each other and multiple iOS devices)

Then, as @tjluoma says, definitely not rsync.

So if the reason @OogieM is seeking a non-cloud sync is purely to avoid using the “cloud”, I would strongly recommend a paradigm shift. Of all the things to store in the cloud a 1Password database is probably the safest. https://support.1password.com/sync-options-security/

If you opt to forgo the 1Password account, you should still be able to sync to iCloud. That is fully encrypted, too, including the data transmission to and from. https://support.apple.com/en-us/HT202303

And remember, your Master Password is not saved in the database at all…

3 Likes

Nope, a single point of failure is a risk. My data on an unconnected server I control requires physical possession to compromise. My data in among many other people in a honeypot scenario is much more at risk. iCloud is also not an option.

That’s not to say I don’t use some cloud services for specific reasons. LambTracker development is using Google drive for the discussions on the functional and technical specs. But then again LambTracker is open source and I WANT people to take it copy it, use it and improve it.

So wouldn’t using iCloud sync for 1Password—not the 1Password account sync on their server—work for you? Your data is kept on each of the Macs and a backup/sync copy on iCloud. Encrypted data re-encrypted on iCloud.

No, it will not. I spent far too many years in a work environment with high security and have a very good understanding of current cryptanalysis techniques and capabilities. I do not want my personal data out of my control, period.

The only thing I use iCloud for is syncing Safari bookmarks.

Its main ‘advantage’ is that it can be used in any browser, and that you don’t need to have a local locked-up password database because you’re getting/making your passwords while connected online with the service. Yet that also can be a liability

https://twitter.com/mubix/status/1270798150807191553

The only app PrivacyTools recommends that’s Mac/iOS is the open-source BitWarden, which lets you host your own password server.

I’d also suggest checking out SpiderOak + its open source password software which uses encrypted cloud storage and client-side encryption key creation so SpiderOak employees cannot access users’ information. Encryptr is the open source (GitHub) password manager (with free iOS app) that encrypts your files and and is entirely within your control in your SpiderOak account. I’ve never touched it (or SpiderOak) but SpiderOak has a sterling rep (in an interview Edward Snowden said 'Get rid of Dropbox" and recommended SpiderOak) and I know of one CISO who uses Encryptr.

1 Like

While I am not unhappy with 1password in general, I am thinking of just using the built in apple keychain password manager going forward.

Keychain is a solid basic implementation. But its utility is severely limited if you use other browsers or are in an iOS app and need to grab your login info.

I love being able to have my 2FA expiring passwords put into my clipboard for immediate pasting with 1Password, I like Watchtower’s check-ins with the ‘Have I Been Pwned’ database to inform me when any of my passwords appeared in data breaches.

I like the Markdown-supported secure notes, and the fact that with the subscription you can attach files to Secure Notes up to 2Gb in size (without subscription it’s 5Mb) - this lets me keep all my most important insurance documents and ID/passport scans with me and locked down.

In all, it gives me much more flexibility and power than Apple’s included solution for $35.88/year. In fact I just logged in and noticed I’m up for renewal in a week, which I’m fine with.

2 Likes

Out of curiosity, I decided to try out Mozilla’s Lockwise, and it’s actually pretty decent. It doesn’t handle 2FA, however.

Given your apparent technology expertise and your desire to control all of your data points, what about setting up a nextcloud server and using something like Passman?

https://apps.nextcloud.com/apps/passman

Just to throw a random alternative out there… :slight_smile:

Dropbox has a beta password manager by invite-only, with iOS app. It uses a zero-knowledge protocol.

I’ve been using Resilio Sync for years and it works great with one major caveat – you really need one computer to be running 24/7 since two computers can only sync if they both are running. So probably not good if all you have is a desktop and a notebook with only one on at a time. I’ve got a server computer as well that acts as my personal cloud for Resilio Sync.

On the list to investigate now, thanks

1 Like