Password Managers revisited (tired of 1Password issues)

No, I mean true multipath sync (multiple Macs to each other and multiple iOS devices).

Then, as @tjluoma says, definitely not rsync.

So if the reason @OogieM is seeking a non-cloud sync is purely to avoid using the “cloud”, I would strongly recommend a paradigm shift. Of all the things to store in the cloud a 1Password database is probably the safest. https://support.1password.com/sync-options-security/

If you opt to forgo the 1Password account, you should still be able to sync to iCloud. That is fully encrypted, too, including the data transmission to and from. https://support.apple.com/en-us/HT202303

And remember, your Master Password is not saved in the database at all…

Nope, a single point of failure is a risk. My data on an unconnected server I control requires physical possession to compromise. My data in among many other people in a honeypot scenario is much more at risk. iCloud is also not an option.

That’s not to say I don’t use some cloud services for specific reasons. LambTracker development is using Google Drive for the discussions on the functional and technical specs. But then again LambTracker is open source and I WANT people to take it, copy it, use it and improve it.

So wouldn’t using iCloud sync for 1Password—not the 1Password account sync on their server—work for you? Your data is kept on each of the Macs and a backup/sync copy on iCloud. Encrypted data re-encrypted on iCloud.

No, it will not. I spent far too many years in a work environment with high security and have a very good understanding of current cryptanalysis techniques and capabilities. I do not want my personal data out of my control, period.

The only thing I use iCloud for is syncing Safari bookmarks.

Its main ‘advantage’ is that it can be used in any browser, and that you don’t need to have a local locked-up password database because you’re getting/making your passwords while connected online with the service. Yet that also can be a liability.

https://twitter.com/mubix/status/1270798150807191553

The only app PrivacyTools recommends that’s Mac/iOS is the open-source BitWarden, which lets you host your own password server.

I’d also suggest checking out SpiderOak + its open source password software which uses encrypted cloud storage and client-side encryption key creation so SpiderOak employees cannot access users’ information. Encryptr is the open source (GitHub) password manager (with free iOS app) that encrypts your files and is entirely within your control in your SpiderOak account. I’ve never touched it (or SpiderOak) but SpiderOak has a sterling rep (in an interview Edward Snowden said “Get rid of Dropbox” and recommended SpiderOak) and I know of one CISO who uses Encryptr.

While I am not unhappy with 1Password in general, I am thinking of just using the built-in Apple Keychain password manager going forward.

Keychain is a solid basic implementation. But its utility is severely limited if you use other browsers or are in an iOS app and need to grab your login info.

I love being able to have my 2FA expiring passwords put into my clipboard for immediate pasting with 1Password, and I like Watchtower’s check-ins with the ‘Have I Been Pwned’ database to inform me when any of my passwords appeared in data breaches.

I like the Markdown-supported secure notes, and the fact that with the subscription you can attach files to Secure Notes up to 2Gb in size (without subscription it’s 5Mb) - this lets me keep all my most important insurance documents and ID/passport scans with me and locked down.

In all, it gives me much more flexibility and power than Apple’s included solution for $35.88/year. In fact I just logged in and noticed I’m up for renewal in a week, which I’m fine with.

Out of curiosity, I decided to try out Mozilla’s Lockwise, and it’s actually pretty decent. It doesn’t handle 2FA, however.

Given your apparent technology expertise and your desire to control all of your data points, what about setting up a Nextcloud server and using something like Passman?

https://apps.nextcloud.com/apps/passman

Just to throw a random alternative out there… :)

Dropbox has a beta password manager by invite-only, with iOS app. It uses a zero-knowledge protocol.

I’ve been using Resilio Sync for years and it works great with one major caveat – you really need one computer to be running 24/7 since two computers can only sync if they both are running. So probably not good if all you have is a desktop and a notebook with only one on at a time. I’ve got a server computer as well that acts as my personal cloud for Resilio Sync.

On the list to investigate now, thanks.