Password managers - time for me to look at what's available

The last time I checked what passwords managers that was available was when I switched from Web Confidential to 1Password … so at least 12 years ago. During that time 1Password have been an excellent choice for me, but now is the time to see if I should continue using 1Password or switch to something else. There are three things in v8 that have made me decide to look at what’s out there:

  • No local vaults
  • Subscription
  • Electron

I could probably live with any of these changes but all three together is reason for me to check out the alternatives. (no, I’m not interested in a discussion of these three items, just humor me)

My requirements are

  • Not being required to use the servers of a specific company (especially not if they are in the US or outside EU).
  • Being able to sync between iOS/macOS
  • Decent integration with iOS/macOS (similar to what 1Password have)
  • I very much prefer a native experience (my experiences from Electron apps are not … entirely positive)
  • It would be nice if it could handle different datatypes (similar to 1Password)
  • I’m not entirely negative to subscriptions but I want “local” archives
  • Good reputation and track record of the developers, preferable external review of security etc. (I’m hesitant of apps from unknown developers)

So I started to look at what’s available and there are quite a few, my current alternatives are

  • Keychain, rumored to be better in new versions of iOS/macOS
  • 1Password
  • BitWarden, there also seem to be various forks but I haven’t figured out how good the integration with iOS/macOS is.
  • Dashlane, as I understand it they are requiring use of their servers

What other apps would you recommend me checking out before making a decision (I’m in no hurry since I expect that 1Password v7 will continue working for quite some time)?

I haven’t tried it but have heard good things about Secrets and it’s a native app.

3 Likes

If you’re interested in what I call the “KeePass way,” you might try this combo:

You’d then sync a KeePass file among your devices via whatever method suits you. (I’m using iCloud, but you mentioned not wanting to use a U.S.-based storage provider.)

Interesting … but why use different apps for macOS and IOS? Doesn’t Strongbox work on both IOS and macOS?

Could Dropbox be used to sync the vault? I still don’t trust iCloud sync. A few years ago (2018, maybe?) there were terrible problems with iCloud sync for 1Password (the non-subscription, stand-alone version). It was necessary to use Dropbox to sync the 1Password vault until the problems with iCloud sync were resolved - or at least mitigated. This worked so well that I continued using Dropbox to sync the 1Password vault until last year when I switched to the subscription version of 1Password that syncs through 1Password servers. I would have no problem syncing a password vault file through Dropbox again.

Yes, you can use Dropbox, or Sync.com, or pretty much any other cloud vendor that works with both macOS and the iOS Files app. That’s the beauty of this approach: all you’re doing is sharing a KeePass-format file back and forth. Indeed, some people manually share the file, although that’s becoming increasingly impractical as phones and tablets gradually lose physical ports in favor of an all-wireless approach.

As for the question about different apps: I’m just trying this out for now, and KeePassXC is free, while Strongbox is not. I have tried the Mac version in the past but found I preferred KeePassXC for a variety of reasons. The reason I chose Strongbox for iOS over the limited free version of KeePassium was, as I noted, because KeePassium on iOS 14 keeps having a particular issue and the suggested fix doesn’t stay fixed.

It will be interesting to see what you decide. Even diehard 1PW users like me like to have a backup plan.

According to this they use Amazon AWS, if that makes a difference.

I just mentioned in the other discussion regarding 1Password going Electron that Enpass is worth considering.

(Sorry but I don’t know how to link to another topic in this forum or I would do that!)

1 Like

I have used 1Password since at least 2009, possibly longer. In an oddity I did buy a subscription but have kept using the standalone 1Password7. I am now trying out the new release version 8. Its okay with a few expected glitches, but I loath the “family” icon on its front face. :rofl: I am recently retired so my use case and computing keeps evolving. I think this new model introduced by 1Password will trigger many users to reassess the way forward. I have an ageing iMac 27 on Catalina and waiting for a M1 model.

With this is mind I am wondering if I could manage okay with the password system in Monterey. I have had a look at other alternatives and there is quite a few around when you start digging around. I have loaded trial versions of Secret and Keeper. Keeper seems to get to top or near the top of some reviews, … seems to have similar functionality to 1Password but local storage. I seemed to have gelled with Keeper in my cursory trial, … but like you I am not rushing, … I am sure some experts will do this topic over in detail in coming weeks, … and I will give 1Password8 a good trial. Its sometimes disappointing when there’s a feeling that a software house is leaving past loyal supporters in the dust, … I am sure they have budgeted for some attrition, and as they say business is business, …

Personally I don’t care whether it’s an electron app or not. Does it work? Yes? Fine. Let’s go.

Maybe it’s the old Windows user in me, the poorer than poor young person in me, but I find this Apple-centric aversion to the web snobby. Seriously. It’s not a good look.

Ben Thompson mentioned this in his podcast:

Sorry Mac fans but the platform is the web whether you want it to be or not. Either learn to adjust or get left behind.

I usually skip ahead when podcast hosts start kvetching about web wrappers which most “web apps in a shell” are not or Electron because it’s truly getting old.

I just want to store my passwords and other important information and I don’t give a care how it looks. Apparently it’s MMMV.

/endrant

1 Like

I agree, if you add the word “securely.” Then it becomes more difficult.

1 Like

Thanks for the suggestions, I’ll take a look at them and try figure out what to do.

The beautiful thing is that it’s possible to chose something that fits your way of thinking, your aesthetic, etc. It would be horrible if we all had to use the same tools. It’s like cars, clothes, food, etc we all prefer different things (and yes, “snobbery” is used when talking about cars, clothes etc also). Some people are quite particular to what car they are driving (a friend completely refuses to own a Ford) while others (like me) don’t care about car brands … I just need to get from point A to B … reliable.

To me it’s silly to say something have “won”, simply because things change … I’m old enough to have seen several different technologies “win” and be forgotten a few years later. And no, I’m not saying the web is going away anytime soon :yum: just that things change over time.

1 Like

One of my colleagues uses the free version of Dashlane, but she complains about its usability more than my experience with 1Password 7 in the cloud.

Leo Laporte on MacBreak Weekly uses Lastpass, which hasn’t been mentioned here. It is also a sponsor of his shows.

Some of the MacBreak Weekly commentators complain about electron apps on the basis of aesthetics, stability and CPU / memory hogging. I can’t comment.

Is the consensus that 1Password 8 will be less secure because it is an electron app or is the concern “just” because it is not stored just on device? So far as I understand the current cloud-based version of 1Password 7, although stored on someone’s server it is stored encrypted and needs my Master password to decrypt. Is that not the case? Will that no longer be the case in 1Password 8?

Thanks for any enlightenment please.

The last time I heard something about password managers from Leo L he didn’t mention LastPass, instead he was talking about BitWarden.

I would say that the Electron part is mostly based on previous experience with Electron apps (in my experience they don’t behave like I expect an app to behave on macOS, others have no problems). As for cloud storage or not, this is a personal preference - there are definitive advantages on cloud based storage, but for some this is nothing they like. For some it’s not necessary.

As far as I understand, the data stored on the 1Password servers are encrypted and can’t be decrypted by AgileBits without your password.

1 Like

LastPass is no longer a studio sponsor. And Bitwarden has sponsored Security Now.

I’ve used Bitwarden for a couple years, the paid version using their cloud. I like that it’s open source, cross platform, and inexpensive. I needed something to help my parents (Windows/iPhone) migrate from the handwritten sheet. It’s certainly one of the best free versions. That said, it’s a smaller company, and their Safari extension stinks. They finally updated it to support M1, and they can’t even get the window height fixed. But it works, even with TouchID now. I think it’s easy to try out, great for X-platform, and if you have the tech knowhow you can roll your own cloud.

1 Like

The August 14 episode of Techmeme Ride Home podcast includes a long interview with the 1Password engineering and founding team. Some of the company’s history and potential future directions is discussed as well as some of the why of version 8.

1Password discussion begins around the 24 minute mark.

4 Likes

I agree that Enpass is very much worth a look. I started using it about 3 years ago to prepare for the day 1Password went subscription-only.

It’s very feature-rich and integrates well on Mac and IPad/iPhone (I can’t speak for other platforms - no experience). It isn’t very pretty, but it works very well.

Sub or one-time payment both offered. Free on desktop.

1 Like

Thanks. That was very helpful.

Your data on 1Password is encrypted using your secret key plus your password. 1PW doesn’t have a record of either one. If you forget your master password no one can help you.

https://support.1password.com/secret-key-security/

2 Likes

I must say I love Bitwarden… from the fallout of the other LONG topic in this forum I thought I would give it a go… and I must say I like it far more than 1P. Maybe its the shiny new toy syndrome but so far so good… just need to try families now.

1 Like