Random Thoughts - Password Managers (1Password 8, Strongbox, KeePassXC)

The latest iteration of 1Password triggered a project for me to find a viable alternative for this App which I have used for many years. Unlike some, I didn’t have a visceral dislike of subscriptions, or a particularly great desire for a local database store, but I had a sense that 1Password had become a bit bloated and I worried the new business model was about being all things to all people. After 4 to 5 months on this, my thoughts, …

I discovered a heck of a lot of password makers to choose from and a dearth of really insightful independent reviews. I had a random walk through many of the better known names and unreasonable as it is I was repulsed by some of the interfaces and more than few apps were tossed aside on this fickle assesement.

I also ran into the problem that having worked with 1Passwords for many years I had a built in expectation of how things work. Consequently, no matter how superficially easy the transition to another password manager was there are subtle adjustments to workflows and time need to discover the quirks of a new app and workarounds if required.

I am trying to be objective here, but it is just my opinion, … I really doubt the overhead of transition away from 1Password merits whatever the countervailing benefits are perceived to be. In retrospect this is not surprising,. 1Password has had a long runway of development and probably greater resources applied to the challenges of App development compared to many of its competitors. For a user in the Apple orbit most password managers do not match the integration across browsers that 1Password has been able to achieve.

Notwithstanding the above, I am still dabbling with Strongbox. I think the iOS Strongbox App is terrific, on any basis, but particularly so coming from a small development team. The Mac OS App is serviceable but it needs more work. Strongbox is not in the same league as 1Password but it does offer local database storage, the open source Kee Pass format, and a once off lifetime payment if you want to avoid a subscription (also a free version). Incidentally the Kee Pass format theoretically offers great flexibility, but in practice it does not exist because there is only a couple of viable clients available on the Mac.

I would think if you are a 1Password user auto fill is an essential requirement. At this stage Strongbox on the Mac only has autofill on Safari because it uses the built in Safari extension. The workaround if you want to use other browsers and have autofill is to use KeePassXC.

I get downvoted every time I say this, but I have tried all of the alternatives and nothing, and I mean nothing, comes to 1Password.

With that said, I cannot ****ing stand AgileBits as a company. Their actions to their core loyal user base has been hostile and some of their customer service have smug/arrogant attitude against their customers. I wish I didn’t have to give them my money but there’s no denying it – 1Password 8 is the best password manager so far. The app is so darn beautiful, I’ll take a line from Steve Jobs and say “you’ll want to lick it”.

Bitwarden, StrongBox, Dashlane, enPass, LastPass and a few others (including a new Mac only one someone on MPU mentioned recently. Out of all these solutions, Bitwarden was the closest alternative though it doesn’t have nearly the polish that 1PW has.

I for one really hate subscriptions and try to avoid them like the plague, but this is one of only 3 subscriptions (aside from iCloud+ 200GB & Inoreader Pro RSS service) that I feel is worth the price. I hate that I sound like a shill for the company, but please prove me wrong, I beg you.

I was a little concerned about it being an Electron app after all of the crazy negative reviews, but after using it for 6 months I honestly do not understand the hate. Takses too much memory? I don’t care. Bloated? How? UpNote, my favorite (non-subscription!) most beautiful Obsidian alternative is also Electron and I find it a joy to use. Like @MacSparky said during one of the recent shows, it’s really unfair to put all electron apps in the same board.

On the other hand, there’s unbelievably bloated & slow electron apps, like Discord for Mac, and then on the other spectrum 1Password and UpNote that run buttery smooth even on ancient Mac (2012!) hardware.

My flame suit is on, I welcome any opposing views, but dismissing 1Password 8 is a huge mistake. I also love the 1Password.com integration as everything syncs instantly unlike my old Dropbox sync setup. Having 1PW 8 also allowed me to uninstall the bloated Dropbox client and stop using my free account altogether.

I also can’t stand AgileBits as a company. I feel betrayed by them. I cringe every time the Mac Power Users podcast uses them as an advertiser. It’s dirty money in my mind. I won’t rehash all the reasons I hate them, we’ve discussed them ad nauseum.

I’ve been slowly moving to KeePassXC while using the old version of 1Password that I have bought the license in full and I manually copy and paste passwords into websites. Because they intentionally crippled the plugin to force us to go to cloud storage and a subscription.

I’ve actually found it’s not as bad to manually copy and paste passwords as I thought. I’ve been doing it for maybe 6 months now, and it’s been not too bad. I actually delayed updating OS X for like 2 years, just so I could keep using the old Safari plugin with my old 1Password. I finally gave up 6 months ago because of fears of security flaws in the older OS X.

I think Strongbox and KeePassXC is the way to go.

And I seriously hope MPU podcast considers stopping accepting advertising dollars from AgileBits. If someone smarter than me creates a petition, I’d gladly sign it.

There is no excuse for arrogance from their customer service. But AgileBits core user base has been 1Password.com subscribers for the last few years. They accounted for 97% of 1PW users in 2021. It appears the sun may be setting on standalone non subscription apps.

Auto-filling login fields is overrated in my opinion and I don’t trust the security of browser extensions. I never used 1Password’s auto-fill extension and have turned it off in Strongbox as well. But, at least on the Mac, Strongbox has a nice button that will grab a copy of my password for the clipboard and open a website. It is not hard for me to take it from there.

As someone who’s never used iPassword, but a few other password managers, I’m curious to know what makes 1PW so special? To me they all look the same. And more or less do the same too.

They sponsored an incredible number of podcasts, thereby purchasing mindshare among power users.

It might be a sacrilege to mention it here, but what about the Apple KeyChain?

There isn’t a single tech podcast in the top 200. I’m pretty sure the power user market wouldn’t keep AgileBits in coffee for very long.

I am still a user of LastPass after many years. Lately though, it seems to be blocked from some pages, esp where I want to fill form data or credit card info. The basic username / password functionality is fine, but I have noticed some decline in reliability. The support also varies slightly between Mac and iOS.

My needs are pretty basic. I’m happily using Bitwarden, but if Apple adds a bit more functionality to Keychain, I think I can switch over.

Biggest issue for me is easy access to it for making new passwords.

For me, it’s fourteen years of trouble free use. And having companies like IBM choose it reinforces my decision.

But they have reach. They are the tech support for countless family members. And they recommend 1PW to all their family and friends.

Isn’t that a security risk as well? (Other applications can read the clipboard)

(I use 1Password, but sometimes also need to copy/paste a password, when the browser plug-in or the new Universal Autofill don’t work)

Check the box for the Strongbox preference “auto clear clipboard on exit and after so many seconds.”

My Mac will be completely secure only if I turn it off and never use it. Security vs. convenience is always a trade-off. You can’t get around it. But you often can choose your compromises.

I’m in the same boat, but it’s something that I struggle with. On the one hand, I don’t trust the extensions (or any browser plugins/extensions), but on the other, the clipboard is a really easy attack vector for grabbing secrets. I really wish Apple would let us permit list which apps can access the clipboard, or at the very least, let give us iOS-like notifications about when an app does so.

It’s a risk based decision (as everything security related turns out to be ). Do you trust the software that you install over the software that you download and run in your browser with every page view? That sounds like a loaded question, but it’s really intended to be genuine: I ponder the question frequently and currently still tend toward copy/paste plus automatically clearing the clipboard after a short period of time.

I started using 1Password when it was far superior to other options. A password manager has to be fast, reliable, and easy to use, and at the time nothing else was. Let’s face it, there isn’t too much innovation left in this field; we’ve got auto-filling, automatic scanning for bad and reused passwords and compromised sites, the ability to share a “vault” of passwords, and a nice interface that works reliably on macOS and iOS.

A competitor has to have all of that plus something else that will make it worthwhile for me to move my workflow and 1,170 passwords. Or, AgileBits has to start failing at the above. For me, that hasn’t happened yet.

Like @Brisbane, I think that competitors have a tough road ahead because the overhead to switching is big. That’s not a great situation because it doesn’t keep AgileBits on their toes.

I see two scenarios playing out. One is that AgileBits abandons Mac users because their focus is on enterprise. I think this is likely, though by “abandon” I just mean that they stagnate and allow enterprise decisions to make a the non-enterprise experience worse. The other is that Apple’s password management becomes good enough for the vast majority of users, and it works better, so people switch away from 1Password.

I’m tempted by that latter category, but I don’t think Apple will ever have a way to reliably share a set of passwords (we can’t even share native-resolution photos), so that’s probably just a fantasy of mine.

Then again, maybe we’ll finally move beyond passwords?

And I’m sure that contributed to 1PW success, especially in the early days. The fact that they still advertise on podcasts says they still see value in continuing to do it.

Individuals must still be a important part of their sales but not like before. If we are really looking at the end of passwords that’s probably a good thing for AgileBits.

I’ve been a 1PW user for years, and have had just a few issues with the program, but it has been a solid program.

Just yesterday I started to test Keychain…there were four reasons why:

1. My passwords needs are fairly simple, I just need a program that will insert/create passwords on my Mac/IOS, and I use Safari almost exclusively
2. The security needs to be top notch
3. No bloat
4. I like to test things
5. (and if there is a simple solution that works for free, then it seems sensical to give it a go)

If Keychain can do that for me, then I will not renew my subscription at the beginning of June.

I’ll give an update in a bit to see how the test goes (so far, so good)…